Introduction

You may need to back up objects between regions to enhance data reliability or achieve proximate access. Cross-region replication is able to meet such a need. Based on user-defined settings, OBS can automatically replicate specified objects to a designated region. A cross-region replication process occurs between a source bucket and a destination bucket. (For example, configure cross-region replication for bucket A in region 1, and then replicate objects from bucket A to bucket B that resides in region 2. In this circumstance, bucket A is called the source bucket, and bucket B is called the destination bucket.) The source and destination buckets must belong to the same account. Replication across accounts is not supported.

Cross-region replication refers to the automatic and asynchronous replication of objects across buckets in different regions. The object replica in the destination bucket is the exact replica of the object replicated from the source bucket. The two objects have the same object name as well as the same metadata including the creation time, owner, user-defined metadata, version, storage class, and ACL.

To implement cross-region replication, set a cross-region replication policy for the source bucket, and OBS replicates objects according to the policy. The policy involves the following settings:

• The destination bucket to which you want OBS to replicate objects.
• The object that you want to replicate.

  You can configure OBS to replicate all objects, or some objects (filtered by a key name prefix). For example, you can configure OBS to replicate only those objects whose names start with Doc/. Then OBS will replicate those objects whose names start with Doc/doc1 and Doc/doc2 but not those objects whose names start with Host/doc3.

• By default, OBS uses the storage class of the source object to create an object replica. You can also select a desired storage class to create an object replica.

Some other settings are also customizable.

Unless with user-defined settings, the object replica in the destination bucket is identical to the source object in the source bucket. For example:

• The object replica has the same key name and metadata (creation time, user-defined metadata, and version ID).
• Unless you select a different storage class, OBS will create an object replica with the same storage class with the source object.
• If the object replica will be still owned by the source object owner, OBS also replicates the object ACL when replicating an object.
• If you select a different storage class, the object replica will have different metadata from the source object. For example, if object a in source bucket A is in the Standard storage class but the Archive storage class is selected for its replica, object replica a1 in the destination bucket B will be in the Archive storage class.

OBS uses SSL to encrypt all the data in flight during a cross-region replication.

Each object can be replicated to only one bucket, and cannot be repetitively replicated. If you change the destination bucket in a cross-region replication policy after a replication, OBS does not replicate it again.

Scenario

You may initiate a cross-region replication for the following considerations:

• Regulatory compliance

  OBS stores data across AZs that are relatively far apart from each other. However, regulatory compliance may require further distances. Cross-region replication enables OBS to replicate data across regions for regulator compliance.

• Minimized latencies

  You are near to two regions. For a shorter latency, you need to access objects from the nearer region.

• Easy maintenance

  You have a computing cluster across regions to analyze the same collection of objects. You need to maintain object replicas in the two regions.

• Data replication

  You need to replicate data from one data center to another.

• Data backup and disaster recovery

  You have stringent requirements on data security and availability. All data written to one data center must have backups in another data center. In case of natural disasters such as earthquakes and tsunamis in the source data center, object replicas in the backup data center can be used to recover data.

Application Limitations

Note the following when using cross-region replication:

• The source bucket and destination bucket must be in the same versioning status.
  • Versioning is disabled for both the source bucket and destination bucket.
  • Versioning is enabled for both the source bucket and destination bucket.
  • Versioning is suspended for both the source bucket and destination bucket.
• The source and destination buckets must be in different regions.
• OBS must be authorized by you to replicate objects from one bucket to another. That is to say, you need to create an OBS agency and assign OBS the Tenant Administrator permission.
• Each object in a bucket can be replicated to only one bucket, and cannot be replicated to any other bucket. The newly generated objects in the destination bucket are called object replicas. For example, replicate object a from bucket A to bucket B. The newly generated object a1 is called an object replica. If you change the destination bucket of A to C, object a cannot be replicated to C. If you set the destination bucket of B to D, object a1 cannot be replicated to D.
• Source objects cannot be at the OBS Archive storage class but destination objects can.
• Objects in the destination bucket can be at the OBS Standard, OBS Infrequent Access, or OBS Archive storage class. If the region of the destination bucket does not support OBS Infrequent Access or OBS Archive, objects are at the OBS Standard storage class.
• Operations on object ACLs in the source and destination regions are sorted in time order, and the latter operation overrides the former one. For example, if the ACLs of the source object and that of the object replica are modified concurrently, the source ACL may override the destination ACL.
• Only when versioning is enabled for the source bucket and destination bucket and no version ID is specified when deleting objects from the source bucket, replicas of the objects will be deleted synchronously from the destination bucket. In other situations, deleting objects from the source bucket will not synchronously delete their replicas from the destination bucket.
• Objects uploaded before cross-region replication is enabled are called historical objects. These objects are not copied to the destination bucket by default. To copy historical objects, you need to configure historical object replication.
• If you want to replicate KMS encrypted objects, you need to authorize the IAM agency the KMS Administrator permissions in the regions where the source and destination buckets reside. After an object (encrypted with any key hosted in KMS and uploaded to the source bucket) is replicated to the destination bucket, the key that encrypts the object changes to the default master key obs/default of the region where the destination bucket resides.

Contents Replicated

OBS replicates the following contents:

• If historical object replication is enabled in a replication rule, objects (excluding Archive objects) will be replicated if they are named after the prefix specified in the replication rule and created before the replication rule is configured.
• Server-side encrypted objects (encrypted in the SSE-KMS mode) if replicating encrypted objects is configured in the rule. Replicas are also encrypted. But objects encrypted in the SSE-C mode are not replicated.
• Object metadata
• OBS replicates only the objects that the bucket owner has permission to read and the objects in the source bucket of the ACL.
• If the ACL of a source object changes, the changes are synchronized to the replica of the source object.
• OBS also replicates the logs generated after the bucket logging is enabled.

Contents Not Replicated

OBS does not replicate the following contents:

• If historical object replication is not configured in the rule, OBS does not replicate the objects that have been uploaded before cross-region replication is enabled. Appended objects are not replicated if they are among the historical objects to be replicated.
• Modifications on the ACL, policy, or lifecycle of the source bucket are not used in the destination bucket. For example, if you modify the lifecycle configuration of the source bucket or add a notification configuration or a bucket policy to the source bucket, these modifications are not used in the destination bucket.
• If versioning is disabled and a DELETE request is initiated for an object in the source bucket, the object is deleted from the source bucket but the deletion is not synchronized with the destination bucket. If versioning is enabled and a DELETE request is initiated for an object with a specified version ID in the source bucket, this object version is deleted from the source bucket but the deletion is not synchronized with the destination bucket. (This object version is not deleted from the destination bucket.) Such a design prevents malicious data deletions.
• Only user operations are replicated. Operations triggered by lifecycle rules are not replicated. For example, if a lifecycle rule is configured for the source bucket, OBS will label expired objects with Delete Markers, but those labels will not be replicated. If lifecycle rules are configured for objects in the source bucket, those lifecycle rules will not be carried over to object replica in the destination bucket.
• Do not delete or overwrite object replicas in the destination bucket, or modify their ACLs. Otherwise the latest objects versions and their ACL settings in the destination bucket may be inconsistent with those in the source bucket.

Setting Cross-Region Replication

Cross-region replication requires a source bucket and a destination bucket. The source bucket and destination bucket must be in different regions, and their versioning statuses must be the same. Each object can be replicated to only one bucket.

You can configure cross-region replication as follows:

• In the OBS account, create an agency to assign OBS the permission to replicate objects.
• Configure cross-region replication for the source bucket.

Configuring Cross-Region Replication

In this part, you need to create the source bucket and destination bucket in separate regions in OBS, keep their versioning statuses the same, and configure the cross-region replication rule for the source bucket.

1. In the OBS console, configure OBS as an agency.
2. Create a source bucket and a destination bucket for the source region and the destination region respectively. For details, see Creating a Bucket.
   1. Create a source bucket in one OBS region, for example cn-east-3.
   2. Create a destination bucket in the other OBS region, for example cn-south-1.
3. Ensure that the versioning statuses of the source bucket and the destination bucket are the same. For details, see Versioning.
4. Configure cross-region replication:

   <ReplicationConfiguration>
         <Agency>crr_agency</Agency>
         <Rule>
               <ID>Rule-1</ID>
               <Status>Enabled</Status>
               <Prefix>key</Prefix>
               <Destination>
                  <Bucket>example_target_bucket</Bucket>
                  <StorageClass>STANDARD</StorageClass>
               </Destination>   
               <HistoricalObjectReplication>Enabled</HistoricalObjectReplication>
          </Rule>
      </ReplicationConfiguration>

   • crr_agency: the OBS agency name.
   • Rule: the replication rule.
   • Status: the cross-region replication status.
   • Prefix: the name prefix of the objects to be replicated.
   • Destination: destination bucket information. StorageClass: the storage class of the objects to be replicated.
   • HistoricalObjectReplication: indicates the replication status of historical objects.

1. Configure cross-region replication for the source bucket. For details, see Configuring Cross-Region Replication for a Bucket in the Object Storage Service API Reference.

Agent Permission

The agent permission can be configured by configuring bucket policy.

After the bucket policy is set, the agent (OBS) has the rights to read objects in the source bucket and copy objects to the destination bucket.

Cross-Region Replication

The configuration of bucket cross-region replication is described in XML format, and may contain multiple rules. The following table describes the configuration elements.

For example:

<?xml version="1.0" encoding="UTF-8"?> 
<ReplicationConfiguration> 
  <Agency>testAcy</Agency>
  <Rule> 
    <ID>rule1</ID> 
    <Status>Enabled</Status> 
    <Prefix></Prefix> 
    <Destination> 
      <Bucket>exampletargetbucket</Bucket> 
      <StorageClass>WARM</StorageClass> 
    </Destination> 
    <HistoricalObjectReplication>Enabled</HistoricalObjectReplication>
  </Rule> 
</ReplicationConfiguration>

After bucket cross-region replication is configured, qualified objects in the source bucket are automatically copied to the destination bucket in the destination region.

Fee Description

The charge of cross-region replication consists of request fee and traffic transmission fee from the source region to the destination region.

For the charging standard, refer to the product pricing details of the source region. KMS encryption fee is charged according to the KMS pricing details. The owner of the source bucket is responsible for the cost.

Example:

Copy a 1 GB object from the source region to the destination region. The charging is as follows:

1 GB * Cross-region replication traffic fee in the source region + 1 * Single request fee in the source region

Upload 100 parts with each part 50 MB to the source region, and copy them after merging to the destination region. The charging is as follows:

100 * 50 MB/1024 MB * Copy traffic fee in the source region + 102 * Single request fee in the source region