faq.md

+---
+languages:
+  - en
+  - cs
+---
+
+# FAQ - Frequently Asked Questions 
+Frequently asked questions can be found in the [Data Storage documentation](FAQ - Frequently Asked Questions).

index.md

@@ -3,20 +3,35 @@
 hide:
   - toc
 ---
-# Data Management Services
+# Data Storage Services
 
 Data Management Services is a portfolio of services allowing to facilitate the whole data workflow needed for research and academic communities.
 
 <div class="grid cards" markdown>
 
--   :fontawesome-solid-server:{ .lg .middle } __Data Storage Services__
+
+-   :fontawesome-solid-server:{ .lg .middle } __S3 Service__
+
+    ---
+
+    **S3** is a general service suitable for most of the usecases (archives, backups, special applications...). It also allows to share your data with other users or publicly via link. It can be connected from all over the world ;-).
+
+    [:octicons-arrow-right-24: Overview of S3 Service](./object-storage/s3-service.md)<br/>
+    [:octicons-arrow-right-24: Favourite S3 Clients](./object-storage/s3-clients.md)<br/>
+    [:octicons-arrow-right-24: Advanced S3 Functions](./object-storage/s3-features.md)<br/>
+    [:octicons-arrow-right-24: Veeam setup against S3](./object-storage/veeam-backup.md)<br/>
+
+
+
+-   :fontawesome-solid-server:{ .lg .middle } __RBD Service__
 
     ---
 
-    Do you need common **Data Storage Services**?
+    **RBD** is Rados Block Device service. **RBD** is Rados Block Device service. The prerequisite for this service is a Linux machine with a public IPv4 address.
+
+    [:octicons-arrow-right-24: Overview of RBD Service](./object-storage/rbd-service.md)<br/>
+    [:octicons-arrow-right-24: Setup of RBD Service](./object-storage/rbd-setup.md)<br/>
 
-    [:octicons-arrow-right-24: Object Data Storage](https://du.cesnet.cz/en/navody/object_storage/start)   
-    [:octicons-arrow-right-24: Filesystem Data Storage](https://du.cesnet.cz/en/navody/sluzby/start)   
 <!---    
 [:octicons-arrow-right-24: Account properties and lifecycle](/account/properties)   
 --->
@@ -27,20 +42,21 @@ Data Management Services is a portfolio of services allowing to facilitate the w
 
     Do you need to cooperate with your colleagues, edit documents and share data?
 
-    [:octicons-arrow-right-24: Owncloud](https://du.cesnet.cz/en/navody/owncloud/start)   
-    [:octicons-arrow-right-24: Onlyoffice](https://du.cesnet.cz/en/navody/onlyoffice/start)   
+    [:octicons-arrow-right-24: ownCloud](https://du.cesnet.cz/en/navody/owncloud/start)   
+
+    [:octicons-arrow-right-24: ONLYOFFICE](https://du.cesnet.cz/en/navody/onlyoffice/start)   
 
 <!---    
 [:octicons-arrow-right-24: Account properties and lifecycle](/account/properties)   
 --->
 
--   :fontawesome-solid-server:{ .lg .middle } __Long Tail Data Preservation__
+-   :fontawesome-solid-server:{ .lg .middle } __Longterm Data Preservation__
 
     ---
 
     Do you need to archive your data in the binary reliable data storage?
 
-    [:octicons-arrow-right-24: Longtail Preservation - CZ only](https://du.cesnet.cz/cs/navody/ltp/start)   
+    [:octicons-arrow-right-24: Longterm Preservation - CZ only](https://du.cesnet.cz/cs/navody/ltp/start)   
 
 <!---    
 [:octicons-arrow-right-24: Account properties and lifecycle](/account/properties)   

mkdocs.yml

 site_name: "storage"
 
 nav:
-  - Object Storage Guides: ./index.md   
-  - Object Storage Guides: ./object-storage.md   
+  - Data Storage Services: index.md
+  - S3 Service: 
+    - S3 Overview: object-storage/s3-service.md
+    - Fauvorite S3 clients: object-storage/s3-clients.md
+    - Advanced S3 features: object-storage/s3-features.md
+    - Veeam backup over S3: object-storage/veeam-backup.md
+  - RBD Service:
+    - RBD Overview:  object-storage/rbd-service.md
+    - RBD Setup:  object-storage/rbd-setup.md
+  - FAQ: faq.md 

object-storage/aws-cli.md

+---
+languages:
+  - en
+  - cs
+---
+
+# AWS CLI tool for command line usage
+
+AWS CLI is a common tool allowing to control S3 service. AWS CLI tool is written in python.
+
+## AWS CLI installation
+
+To install AWS CLI we recommend using [official AWS docummentation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html). There you can find the guide on how to install AWS CLI on Linux and Windows as well.
+
+???+ note "AWS-CLI in virtual environment"
+    If you need to install AWS CLI in the virtual environment you can use [this guide](https://docs.aws.amazon.com/cli/latest/userguide/install-virtualenv.html).
+
+## Configuration of AWS CLI
+
+???+ note "User profile"
+    To configure AWS CLI we recommend using the option `--profile` which allows you to define multiple user profiles with different user credentials. Of course, you can also use the settings without the option `--profile`. All commands will be the same, you will just omit the option `--profile`. AWS will then use the **default** settings.
+
+!!! warning
+    In the configuration wizard, it is necessary by the option **Default region name** to hit the space bar. If you will not put the space into “Default region name” the config file will not contain **region** parameter. You will then obtain the error related to **InvalidLocationConstraint** during the usage **aws s3**.
+
+In the following, we will demonstrate the AWS CLI configuration. Following exemplary commands utilize the `--profile` option.
+
+    aws configure --profile test_user
+    AWS Access Key ID [None]: xxxxxxxxxxxxxxxxxxxxxx
+    AWS Secret Access Key [None]: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+    Default region name [None]:
+    Default output format [None]: text
+
+_AWS Access Key ID_ - access key, obtained from data storage administrator<br/>
+_Secret Access Key_ - secret key, obtained from data storage administrator<br/>
+_Default region name_ - Here just press the space bar!!! Some software tools can have special requirements, e.g. Veeam, in that case, insert storage<br/>
+_Default output format_ - choose the output format (json, text, table)<br/>
+
+???+ note "Endpoint URL"
+    For smooth operation is necessary to use option `--endpoint-url` with particular S3 endpoint address provided by CESNET.
+
+!!! warning
+    **Multipart S3 upload - the maximal size of the file is limited up to 5 GB**. It's a best practice to use aws s3 commands (such as aws s3 cp) for multipart uploads and downloads because these aws s3 commands automatically perform multipart uploading and downloading based on the file size. By comparison, **aws s3api** commands, such as aws s3api create-multipart-upload, should be used only when aws s3 commands don't support a specific upload need, such as when the multipart upload involves multiple servers, a multipart upload is manually stopped and resumed later, or when the aws s3 command doesn't support a required request parameter. More information can be found on the [AWS websites](https://aws.amazon.com/premiumsupport/knowledge-center/s3-multipart-upload-cli/).
+
+## Controls of AWS CLI - high-level (s3)
+
+To show the help (available commands) you can use help - **aws s3** tool allows you to use several advanced functions, see below.
+
+    aws s3 help
+
+### Operation with buckets
+???+ note "Unique name of the bucket"
+    The bucket name has to be unique within tenant. It should contain lower letters, numbers, dashes, and dots. The bucket name should begin only with a letter or number and cannot contain dots followed by a dash or dots preceded by a dash or multiple dots. We also recommend not using “slash” in the bucket name. Using the slash will disallow the usage of the bucket via API.
+
+**Bucket creation**
+    
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz mb s3://test1
+
+**Bucket listing**
+    
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz ls
+    2019-09-18 13:30:17 test1
+
+**Bucket deletion**
+
+    aws s3  --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz rb s3://test1
+
+### Operation with files
+**File upload**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz cp C:/Users/User/Desktop/test_file.zip s3://test1
+    upload: Desktop\test_file.zip to s3://test1/test_file.zip
+
+**File download**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz cp s3://test1/test_file.zip C:\Users\User\Downloads\
+    download: s3://test1/test_file.zip to Downloads\test_file.zip
+
+**File deletion**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz rm s3://test1/test_file.zip 
+    delete: s3://test1/test_file.zip
+
+### Directory/Folder operation
+???+ note ""
+    The content of the source folder is always copied while using the following command. It does not depend on the slash character at the end of the source path. The behavior of **aws** is in this perspective different than the rsync behavior. If you wish to have the source directory in the destination you can add the name of the source directory to the destination path. **AWS tool will create the directory in the destination while copying the data**, see the exemplary commands below. The same is valid in the case of directory downloads or synchronization via **aws s3 sync**.
+
+**Upload the directory**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz cp C:\Users\User\Desktop\test_dir  s3://test1/test_dir/ --recursive
+
+**Download the directory**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz cp s3://test1/test_dir C:\Users\User\Downloads\test_dir\ --recursive
+
+**Directory deletion**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz rm s3://test1/test_dir --recursive
+
+**Directory sync -> upload to cloud**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz sync C:\Users\User\Desktop\test_sync  s3://test1/test_sync/
+
+**Directory sync -> download from cloud**
+
+    aws s3 --profile test_user --endpoint-url https://s3.cl2.du.cesnet.cz sync s3://test1/test_sync/ C:\Users\User\Downloads\test_sync
+
+## Controls of AWS CLI - api-level (s3api)
+
+**aws** tool allows the usage of **aws s3api** module. This module provides advanced functions to control S3 service, see below. The configuration of credentials and connections is the same like for **aws** in the beginning of this guide.
+
+The set of available commands can be obtained by the following command with the option **help**. Alternatively is the complete list available in the [AWS website](https://docs.aws.amazon.com/cli/latest/reference/s3api/index.html).
+
+## Exemplary configuration file for AWS-CLI
+After successful configuration, the configuration file should be created. You can find the example below. You can find the credentials file in the same path.
+???+ note "Config file"
+    Windows: C:/Users/User/.aws/config<br/>
+    Linux:   /home/user/.aws/config<br/>    
+    <br/>[profile test-user]<br/>
+    region =<br/>
+    output = text<br/>
+
+
+## Special functions of AWS-CLI
+There are several advanced functions in AWS-CLI for sharing the data or its versioning.
+
+### Presign URLs
+For object in S3 service you can generate presign URL to allow your colleagues to download the data. You can find more information the the section dedicated to [advanced S3 features](s3-features.md)
+
+### Bucket policies
+To share your data you can setup so called bucket policies. You can share specific bucket to a specific group (tenant) or make your bucket publicly readable. You can find more information the the section dedicated to [advanced S3 features](s3-features.md)
+
+### Bucket versioning
+You can setup object versioning inside in your buckets. Then you can restore any previous version of the object (file). You can find more information the the section dedicated to [advanced S3 features](s3-features.md)
+

object-storage/cloudberry.md

+---
+languages:
+  - en
+  - cs
+---
+
+# CloudBerry Explorer for Amazon S3
+
+[CloudBerry Explorer](https://cloudberry-explorer-for-amazon-s3.en.softonic.com/) is an intuitive file explorer that helps you manage your S3 account as if it were another folder on your local drive. The program has a double-pane interface and acts as an FTP client, with each window dedicated to a single folder. These locations are not fixed and can be switched to suit your current task: a local computer and a remote S3 server, two local folders, or even two S3 accounts. 
+
+## Cloudberry Installation
+You can use exe installer from [the oficial websites of Cloudberry](https://cloudberry-explorer-for-amazon-s3.en.softonic.com/). When you start the program, it will be always informed about the registration options. Registration is free. Then you receive the key via e-mail and then all pop-ups are avoided.
+
+!!! warning
+    CloudBerry in the FREE version does not support Multipart Upload and Multithreading, which means that it cannot work with files larger than 5GB. Encryption and compression is also enabled in the PRO version.
+
+## Cloudberry Configuration
+Storage configuration can be done via **1. File** menu, where you select **2 Add New Account**. Do not select the Amazon S3 Accounts option, as it does not have the option of entering a service point etc.!
+
+![](cloudberry-screenshots/cloudberry1.png){ style="display: block; margin: 0 auto" }
+
+In the next window Select Cloud Storage - **1. S3 Compatible** option.
+
+![](cloudberry-screenshots/cloudberry2.png){ style="display: block; margin: 0 auto" } 
+
+In the next step you have to fill in S3 credentials including the S3 endpoint.
+
+![](cloudberry-screenshots/cloudberry3.png){ style="display: block; margin: 0 auto" }
+
+Then you can start to upload your data. From the **1. Source selector** you will select your **2. S3 account**, which has been previously configured.
+
+![](cloudberry-screenshots/cloudberry4.png){ style="display: block; margin: 0 auto" }
+
+First you need to **1. Create new bucket** and then you can upload your data into it.
+
+![](cloudberry-screenshots/cloudberry5.png){ style="display: block; margin: 0 auto" }
+

object-storage/cyberduck.md

+---
+languages:
+  - en
+  - cs
+---
+
+# CyberDuck tool
+
+[CyberDuck](https://cyberduck.io/) is a swiss knife tool for various cloud storage providers. It supports FTP, SFTP, WebDAV, OpenStack, OneDrive, Google Drive, Dropbox, etc. 
+
+## Installation
+You can download the exe installer from the [CybeDuck webpage](https://cyberduck.io/) and follow the installation steps.
+
+## Configuration
+
+Setup of new storage can be done via button **New connection** in the left menu.
+
+![](cyberduck-screenshots/cyberduck1en.png){ style="display: block; margin: 0 auto" }
+
+In the following window you can select **Amazon S3** and then insert the URL of the server s3.clX.du.cesnet.cz, where `X` is number asociated with your S3 account (e.g. `cl4`). Then please insert the `acces_key` and `secret_key`. Then you can click on the **Connection** button.
+
+![](cyberduck-screenshots/cyberduck2en.png){ style="display: block; margin: 0 auto" }
+
+The you can create a bucket - in the main directory can be only directories (buckets).
+
+![](cyberduck-screenshots/cyberduck3en.png){ style="display: block; margin: 0 auto" }
+
+While creating the bucket keep default region.
+
+![](cyberduck-screenshots/cyberduck4en.png){ style="display: block; margin: 0 auto" }

object-storage/os-index.md

+---
+# template: home.html
+hide:
+  - toc
+---
+# Object Storage Services
+
+Object Storage Services is a portfolio of services allowing to facilitate your archive and backup data.
+
+<div class="grid cards" markdown>
+
+-   :fontawesome-solid-server:{ .lg .middle } __S3 Service__
+
+    ---
+
+    **S3** is a general service suitable for most of the usecases (archives, backups, special applications...). It also allows to share your data with other users or publicly via link.
+
+    [:octicons-arrow-right-24: Overview of S3 Service](./s3-service.md)   
+    [:octicons-arrow-right-24: Favourite S3 Clients](./rclone.md)   
+    [:octicons-arrow-right-24: Advanced S3 Functions](./rclone.md)   
+    [:octicons-arrow-right-24: Veeam stup against S3](./rclone.md)   
+<!---    
+[:octicons-arrow-right-24: Account properties and lifecycle](/account/properties)   
+--->
+
+-   :fontawesome-solid-server:{ .lg .middle } __RBD Service__
+
+    ---
+
+    Do you need to cooperate with your colleagues, edit documents and share data?
+
+    [:octicons-arrow-right-24: Owncloud](https://du.cesnet.cz/en/navody/owncloud/start)  
+ 
+<!---    
+[:octicons-arrow-right-24: Account properties and lifecycle](/account/properties)   
+--->
+
+</div>
+

object-storage/rbd-service.cs.md

+---
+languages:
+  - en
+  - cs
+---
+# Služba RBD
+
+Rados Block Device **RBD** je blokové zařízení, které si můžete připojit do vaší infrastruktury. Připojení je nutné provést pomocí linuxového stroje (připojení RBD do Windows není v současné době provozně stabilní, proto jej nedoporučujeme). Následně si můžete připojené blokové zařízení reexportovat kamkoliv v rámci vašich systémů (samba remount do vaší sítě). RBD je vhodné zejména pro použití v centralizovaných zálohovacích systémech. RBD je velmi úzce specializovaná služba, která vyžaduje na straně uživatele širší zkušenosti se správou linuxových zařízení. Služba je určena řádově pro větší objemy dat - vyšší stovky TB. Blokové zařízení je možné rovněž na vaší straně opatřit šifrováním (client side) pomocí LUKS. Šifrování na straně klienta rovněž znamená, že přenos dat po síti je šifrován a v případě odposlechnutí během přenosu není možné data dešifrovat.
+
+!!! warning
+    Připojení RBD je možné pouze z dedikovaných IPv4 adres, které jsou povoleny na firewallu. Pokud stroj, na který chcete připojit RBD, má pouze IPv6 adresu, tak **NE**bude RBD možné připojit a budete muset využít službu S3. RBD obraz je možné následně připojit pouze na jednom zařízení, není možné, aby si každý z vašich uživatelů připojil stejné RBD na svoji pracovní stanici - za předpokladu, že RBD není použito pro clusterovaný file systém. Použití clusterovaných filesystemů nad RBD je potřeba nejdříve konzultovat s podporou Datových úložišť CESNET.
+
+???+ note "Jak získám službu RBD?"
+    Pro získání služby RBD prosím kontaktujte náš support:
+    `support@cesnet.cz`
+
+----
+## Základní případy užití služby RBD
+V následujících sekcích naleznete základní případy užití týkající se služby RBD.
+
+### Zálohování velkých data setů vyžadující lokální filesystém
+Pokud máte centralizovaný zálohovací systém (sada skriptů, bacula, BackupPC…) vyžadující lokální filesystém, pak vám doporučujeme použití [služby RBD](rbd-setup.md), viz níže. RBD obraz je možné připojit přímo ke stroji, kde běží centrální zálohovací systém, jako blokové zařízení. RBD je možné opatřit snapshoty viz, popis služeb, jako ochranu proti nechtěnému přepsání anebo ransomware útoku.
+
+![](rbd-service-screenshots/central_backup.png){ style="display: block; margin: 0 auto" }
+
+### Centrální share pro vnitřní potřeby instituce
+Pokud ukládáte živá data a potřebujete na úložiště pouštět jednotlivé uživatele, pak můžete využít [službu RBD](rbd-setup.md), kterou si připojíte k vám do infrastruktury pomocí linuxového stroje. Na připojeném blokovém zařízení si můžete udělat souborový systém, případně jej opatřit šifrováním a dále je reexportovat dovnitř vaší infrastruktury například pomocí samba, NFS, ftp, ssh, aj. (možno i formou kontejnerů zajišťujících distribuci protokolů do vaší interní sítě). Šifrování na straně klienta rovněž znamená, že přenos dat po síti je šifrován a v případě odposlechnutí během přenosu není možné data dešifrovat. Výhodou je, že si můžete vytvářet skupiny a spravovat práva zcela dle vašich preferencí, případně použít vaši lokální databázi uživatelů a skupin. Blokové zařízení RBD je dále možné opatřit snapshoty na úrovni RBD, tudíž pokud dojde k nechtěnému odmazání dat je možné se vrátit například ke snapshotu z předchozího dne.
+
+![](rbd-service-screenshots/shared_distribution.png){ style="display: block; margin: 0 auto" }
+
+## Jak je řešena redundance dat - replicated vs erasure coding?
+Níže jsou popsány druhy konfigurace služby RBD, které řeší redundaci dat nad úložným poolem. Služba RBD může být vybavena **replicated** nebo **erasure code (EC)** redundancí a dále **synchronní nebo asynchronní geografickou replikou**
+
+### Replicated
+Vaše data jsou na úložišti uložena ve třech kopiích. V případě poškození dat v jedné kopi jsou původní data stále čitelná v nepoškozené formě a na pozadí dojde k obnově poškozených dat. Použití služby s příznakem replicated rovněž umožňuje rychlejší čtení, protože je možné číst ze všech replik najednou. Použití služby s příznakem replicated snižuje rychlost zápisu, protože operace zápisu čeká na potvrzení zápisu ze všech třech replik. Naopak čtení je rzchlejší, peorože dochází ke čtení ze všech replik současně.
+
+
+???+ note "Vhodné pro?"
+    Vhodné pro menší objemy živých dat s preferencí rychlostí čtení (ne příliš vhodná pro velké datvé objemy).
+
+### Erasure Coding (EC)
+Erasure coding (EC) je metoda ochrany dat, jedná se o obdobu dynamického RAID známého z diskových polí. Erasure coding (EC) je metoda, kde jsou data rozdělena na jednotlivé fragmenty, které jsou následně uloženy s určitou redundancí napříč datovým úložištěm. Pokud tedy dojde k selhání některých disků (nebo celého storage serveru), tak jsou data stále přístupná a na pozadí dojde k jejich obnovení. Není tedy možné, aby vaše data ležela na jednom disku, který se poškodí a vy o data přijdete. Tato technologie je vhodná pro živější data (rychlejší zápis), ktere nevyžadují časté čtení. Zároveň je tato technologie úspornější co do množství obsazeného místa.
+
+???+ note "Vhodné pro?"
+    Vhodné např. spíše pro ukládaní velkých datových objemů.
+
+### RBD snapshoty
+Na úrovni RBD (replikované/erasure coding) je možné použít snapshoty. Ovládání snapshotů se provádí z klientské strany. [RBD snapshotování](rbd-setup.md) je jedna z možností náhrady za `tape_tape` politiku v případě mirroringu snapshotu do jiné geografické lokality.
+ 
+### Synchronní geografická replika
+Synchronní geografická replika chrání před výpadkem datového centra. Synchronní geografická replika zhoršuje rychlost zápisu, protože systém čeká na úspěšné potvrzení zápisu na obou geografických lokacích. Pokud máte dojem, že potřebujete tuto službu, tak se nám ozvěte.
+
+### Asynchronní geografická replika
+Asynchronní geografická replika chrání částečně před výpadkem datového centra (může dojít ke ztrátě určitých dat mezi jednotlivými asynchronními synchronizacemi z důvodu časové prodlevy). U asynchronní geografické repliky je však čas v případě poškození dat (ransomware) zasáhnout a přerušit synchronizaci. Pokud máte dojem, že potřebujete tuto službu, tak se nám ozvěte.                                                                                                         

object-storage/rbd-service.md

+---
+languages:
+  - en
+  - cs
+---
+# RBD Service
+
+The Rados Block Device **RBD** is a block device that you can connect into your infrastructure. The connection must be done using a **Linux machine** (RBD connection to Windows is not yet implemented in reliable manner). Subsequently, you can re-export the connected block device anywhere within your systems (samba remount to your network). RBD is particularly suitable for use in centralized backup systems. RBD is a very specialized service that requires the user to have extensive experience in managing Linux devices. The service is intended for larger volumes of data - hundreds of TB. The block device can also be encrypted on your side (client side) using LUKS. Client-side encryption also means that the transmission of data over the network is encrypted, and in case of eavesdropping during transmission, the data cannot be decrypted. Access to the service is controlled by virtual organizations and coresponding groups.
+
+!!! warning
+    RBD connection is only possible from dedicated IPv4 addresses that are enabled on the firewall in our Data Centers. An RBD image can only be subsequently mounted on **ONE** machine, it is not possible for each of your users to mount the same RBD on their workstation - having said that the RBD is not used as clustered file system. Usage of clustered file systems over RBD must first be consulted with Data Care support.
+
+???+ note "How to get RBD service?"
+    To connect to RBD service you have to contact support at:
+    `support@cesnet.cz`
+
+----
+## RBD elementary use cases
+In the following section you can find the description of elementary use cases related to RBD service.
+
+### Large dataset backups requiring local filesystem
+If you have a centralized backup system (script suite, bacula, BackupPC…) requiring local file system, then we recommend you to use [RBD service](rbd-setup.md), see the figure  below. The RBD image can be connected directly to the machine where the central backup system is running, as a block device. RBD can then be equipped with snapshots, see service description, as protection against unwanted overwriting or ransomware attacks.
+
+![](rbd-service-screenshots/central_backup.png){ style="display: block; margin: 0 auto" }
+
+### Centralized shared storage for internal redistribution
+If you need to store live data and need to provide the storage for individual user, then you can use [RBD](rbd-setup.md) service which you can connect to you infrastructure using a Linux machine. You can create a file system on the connected block device, or equip it with encryption, and then re-export them inside your infrastructure using, for example, samba, NFS, ftp, ssh, etc. (also in the form of containers ensuring the distribution of protocols to your internal network). Client-side encryption also means that the data transmission over the network is encrypted and the data cannot be decrypted once the transmission is sent. The advantage is that you can create groups and manage rights according to your preferences, or use your local database of users and groups. The RBD block device can also be equipped with snapshots at the RBD level, so if data is accidentally deleted, it is possible to return to a snapshot from the previous day, for example.
+
+![](rbd-service-screenshots/shared_distribution.png){ style="display: block; margin: 0 auto" }
+
+## RBD Data Reliability (Data Redundancy) - replicated vs erasure coding
+In the section below are described additional aproaches for data redundancy applied to the object storage pool. RBD service can be equipped with **replicated** or **erasure code (EC)** redundancy or with **synchronous/asynchronous geographical repliacation**.
+
+### Replicated
+Your data is stored in three copies in the data center. In case one copy is corrupted, the original data is still readable in an undamaged form, and the damaged data is restored in the background. Using a service with the replicated flag also allows for faster reads, as it is possible to read from all replicas at the same time. Using a service with the replicated flag reduces write speed because the write operation waits for write confirmation from all three replicas.
+
+???+ note "Suitable for?"
+    Suitable for smaller volumes of live data with a preference for reading speed (not very suitable for large data volumes).
+
+### Erasure Coding (EC)
+Erasure coding (EC) is a data protection method. It is similar to the dynamic RAID known from disk arrays. Erasure coding (EC) is a method where data is divided into individual fragments, which are then stored with some redundancy across the data storage. Therefore, if some disks (or the entire storage server) fail, the data is still accessible and will be restored in the background. So it is not possible for your data to be on one disk that gets damaged and you lose your data.
+
+???+ note "Suitable for?"
+    Suitable, for example, for storing large data volumes.
+
+### RBD snapshots 
+Snapshots can be used at the RBD (replicated/erasure coding) level. Snapshots are controlled from the client side. [RBD snapshotting](rbd-setup.md) is one of the replacement options for the `tape_tape` policy - snapshots mirrored to another geographic location, see below.
+
+### Synchronous geographical replication
+Synchronous geographical replication protects against data center failure. Synchronous geographical replication degrades write speed because the system waits for a successful write confirmation at both geographic locations. If you feel that you need this service, please contact us.
+
+### Asynchronous geographical replication
+Asynchronous geographical replication partially protects against data center failure (certain data may be lost between individual asynchronous synchronizations due to time lag). However, with an asynchronous geographical replication, in case of data corruption (ransomware), you can disrupt the replication and safe your data. If you feel that you need this service, please contact us.