Updated on 2024-06-28 GMT+08:00

Data Protection

OBS uses the following measures to keep the data it stores secure and reliable.

Table 1 Data protection measures

| Measure | Description | Reference |
| --- | --- | --- |
| Transmission encryption (HTTPS) | OBS supports HTTP and HTTPS, but HTTPS is recommended to enhance the security of data transmission. | Constructing a Request |
| Data redundancy | OBS uses the Erasure Code (EC) algorithm, instead of multiple copies, to ensure data redundancy. Compared with multi-copy redundancy, EC delivers higher storage space utilization while maintaining the same reliability level. When creating a bucket on OBS, you can choose a data redundancy policy. Choosing multi-AZ storage stores your data redundantly in multiple AZs in the same region. If one AZ becomes unavailable, data can still be properly accessed from the other AZs. Multi-AZ storage is ideal for scenarios that demand high reliability. | Creating a Bucket |
| Data integrity verification (MD5) | During object uploads or downloads, data may become inconsistent due to network hijacking, caching, and other reasons. OBS verifies data consistency by calculating the MD5 value when data is uploaded or downloaded. | Data Consistency Verification |
| Server-side encryption | With server-side encryption enabled, objects you upload to OBS are encrypted into ciphertext before they are stored on the server. When objects are downloaded, they are decrypted on the server first and then returned to you in plaintext. | Server-Side Encryption |
| Cross-region replication | You can configure cross-region replication rules to automatically and asynchronously replicate data from a source bucket to a destination bucket in another region. This provides disaster recovery across regions and meets the need for remote backup. | Cross-Region Replication |
| Versioning | When versioning is enabled for a bucket, OBS can keep multiple versions of an object in the bucket. That way you can quickly retrieve and restore every object version as needed, or recover data from both accidental actions and application failures. | Versioning |
| Critical operation protection | With this function enabled, the system authenticates the user's identity when they perform a risky operation, such as deleting a bucket. This enhances the protection of your data and configuration. | Critical Operation Protection |
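The MD5 consistency check from the table, seen from the client side, as an added example that is not taken from the OBS documentation: the client hashes the object body before upload and re-checks the bytes it later downloads. The Base64 digest form (the RFC 1864 Content-MD5 encoding) is an assumption about how the value is exchanged, and the function names and sample payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size; keeps memory flat for large objects


def md5_digest(stream, chunk_size=CHUNK):
    """Return the raw 16-byte MD5 of a file-like object, read in chunks."""
    h = hashlib.md5()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.digest()


def content_md5(stream):
    """Base64 of the raw digest (RFC 1864 Content-MD5 form), computed before upload."""
    return base64.b64encode(md5_digest(stream)).decode("ascii")


def verify_download(stream, expected_content_md5):
    """Return True only if the received bytes hash to the expected value.

    A malformed or wrong-length expected value is treated as a failed
    check, never as "nothing to verify".
    """
    try:
        expected = base64.b64decode(expected_content_md5, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(expected) != 16:
        return False
    return hmac.compare_digest(md5_digest(stream), expected)


if __name__ == "__main__":
    # Constructed sample payload standing in for an object body.
    body = b"constructed sample object line\n" * 5000
    sent = content_md5(io.BytesIO(body))
    print("value sent with upload:", sent)

    # Same bytes come back: the check passes.
    print("clean download ok:", verify_download(io.BytesIO(body), sent))

    # One byte altered in transit or by a cache: the check fails.
    altered = bytearray(body)
    altered[1234] ^= 0x01
    print("altered download ok:", verify_download(io.BytesIO(bytes(altered)), sent))
```

MD5 is suitable here for catching corruption in transit or in a cache; it is not collision-resistant, so it does not substitute for HTTPS or for a signature when the concern is deliberate substitution.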