Practices

After finishing basic operations such as creating a bucket and uploading or downloading an object, you can use the commonly used OBS practices if needed.

**Table 1** Commonly used best practices
Practice		Description
Data security	Enterprise Data Access Control	After subscribing to OBS, enterprises can configure the following four types of access control to control access to their data: Grant only required permissions to employees in different departments to isolate access to the enterprise data. Grant permissions to users of a department or project to download the shared data but not to write or delete the shared data. Allocate IAM users with different roles to each department and use bucket policies to authorize the IAM users independent permissions on resources. Add external buckets on OBS Browser+ to isolate bucket resources between departments.
Data migration	Migrating Local Data to OBS	Huawei Cloud offers diverse solutions for migrating data from on-premises storage servers to OBS in a cost-effective, secure, and efficient way. You can choose a migration solution based on your data volume, time arrangement, and budget.
Data migration	Migrating Data from Third-Party Cloud Service Vendors to OBS	Huawei Cloud Object Storage Migration Service (OMS) can help migrate data from a third-party cloud vendor to OBS. With OMS, you can easily migrate data to OBS by only configuring connection parameters and migration tasks on OBS Console.
Data backup	Using Backup Software to Back Up Local Data to OBS	Third-party backup software, such as Commvault and AnyBackup Cloud, can connect to OBS for data backup. Relying on the backup software, you can customize policies for secure and efficient backups.
Data access	Accessing OBS from an ECS over the Intranet	When accessing OBS from your ECS over an intranet, you can read, back up, and archive data without affecting the Internet bandwidth.
	Accessing OBS Through an NGINX Reverse Proxy	For security purposes, some enterprises need to configure a blacklist or whitelist for external addresses, so a fixed IP address is required for accessing OBS. But an OBS bucket does not have a fixed IP address, because Huawei Cloud DNS always resolves the bucket's access domain name to different IP addresses for secure access. To address this problem, you can set up an NGINX reverse proxy server on an ECS to allow users to access OBS with a fixed IP address.
	Using a User-Defined Domain Name to Host a Static Website	If a company has a large number of static websites for users to access, but does not want to set up servers, it can host its static websites in an OBS bucket, so that users can access the hosted static websites using the domain name bound to the OBS bucket.
Data transmission	Using the PostObject API to Upload Data from a Web Client to OBS	You can use the PostObject API to directly upload files from a web client to OBS, which is called browser-based upload. With this method, you can directly upload data to OBS, without having to upload data to the app server first. This makes data transmission faster and does not impose pressure on the server. Additionally, direct transmission with a signature returned by the server is more secure.
	Uploading Data from Mobile Apps to OBS	OBS is widely used as the storage for mobile Android and iOS apps. To protect application data from leakage and unauthorized access, you are advised to use a temporary security credential or a presigned URL to upload data to OBS.
	Uploading Data from Mini Programs to OBS	Mini programs are now popular in a variety of scenarios. You can upload data to OBS from a mini program.
Data processing	CDN for Download Acceleration	This CDN for Download Acceleration solution automatically caches data stored in OBS on demand to CDN points of presence (PoPs) in different regions, accelerating the access to and download of static resources.