CloudStor Storage Offering for AARNet Customers
AARNet connected customers that pay an AARNet Access Agreement subscription fee are entitled to a free tier that provides the following:
- Individual space of up to 1TB per staff and researchers (including post-graduate research students);
- Group drive space cumulatively to 10TB per institution;
- External collaborators can be added to group drives, with their storage use counting towards the group drive allocation; and
- Personal space up to 10GB for external research collaborators.
Enterprise Agreement Storage
A CloudStor Enterprise Agreement allows an AARNet customer to add storage (Subscription) to the free tier for an additional annual fee.
To request pricing please contact firstname.lastname@example.org or discuss with an AARNet Customer Relations or eResearch representative.
Enterprise Agreements are only provided at the institutional/organisational level and cannot be provided to individual projects or users.
Storage space provided for each Enterprise Agreement includes:
- Personal researcher and staff space not exceeding the Subscription and excluding the 1TB free tier individual space per user;
- Group drives not exceeding the Subscription and excluding the 10TB free tier group drive space per institution;
- Student space not exceeding the Subscription;
- Others users specified in the AARNet Access Policy (https://www.aarnet.edu.au/images/uploads/resources/AARNet_Access_Policy_040706.pdf) not exceeding the Subscription;
- External collaborators can be added to the customer’s tenancy, with their storage use counting towards the aggregate Subscription; and
- S3 storage not exceeding the Subscription.
AARNet Operations Centre
CloudStor support is managed by the AARNet Operations Centre.
Customers can raise support tickets either by mailing email@example.com or by logging in to the Operations Centre portal at https://ticket.aarnet.edu.au. Please email the AARNet Operations Centre first to get a customer account in the portal.
The AARNet Operations Centre hours are 8:00 am to 4:00 pm Monday to Friday AEST except national public holidays.
AARNet operates a tiered support service for the CloudStor service:
- Tier 0: Online support Knowledge Base. https://support.aarnet.edu.au/hc/en-us/categories/200217608-CloudStor;
- Tier 1: To be provided by the institution related to the end user. Institution administrators can post questions on the AARNet Cloudstor T1 slack support channel or escalate to Tier 2; and
- Tier 2: Contacting the AARNet Operations Centre.
AARNet operates a status dashboard at https://status.aarnet.edu.au.
CloudStor outage, hazards, alerts and maintenance notifications will be communicated to customers via this dashboard.
Customers can subscribe to receive email and SMS alerts to the change of status.
Customers can subscribe to notifications for the overall CloudStor service, or to notifications for services specific to them (e.g. S3 services).
Service Operating hours
With the exception of scheduled maintenance windows, AARNet makes CloudStor available 24 hours a day, 365 days a year.
Service levels are provided as guidelines for Enterprise Agreement customers. All times are non-binding targets.
AARNet will use all reasonable endeavours to resolve the error/issue/request within the non-binding target resolution time.
Frequency of Updates
An error causes the service; and/or access to the service, to be inoperable.
An error causes a significant part of the service; and/or access to a significant part of the service, to be inoperable.
Other access or production performance related issues that are not integral to the operation and utilisation of the service.
Non-performance related incidents including general questions, request for information, documentation requests, enhancement requests.
CloudStor Nodes and Geographic Replication
CloudStor operates four geographically distributed nodes within Australia: Perth, Melbourne, Canberra and Brisbane.
Nodes are connected by a dedicated 100Gbps or faster private network on the AARNet 4 network.
Data will be stored to the geographically nearest node and replicated to another node (with preference to the next nearest node).
Data replicas are immediately synced to the primary copy. CloudStor will not accept a write function if it cannot ensure replication.
All data is stored on AARNet owned and operated hardware, hosted at AARNet partner and commercial data centres.
AARNet does not host CloudStor based data or metadata outside of Australia.
All data is backed up to tape at our Melbourne node.
- After 24 hours of file existing on CloudStor;
- Always incremental;
- Rolling consolidated;
- 60 day granular file recovery;
- 30 day snapshots up to 12 months; and
- Enterprise Agreement customers: 30 day snapshots up to 5 years.
Any request for the recovery of lost or corrupted data is to be made by the account holder or group drive administrator for that data, otherwise the request must be authorised by the institution’s CIO or DVCR.
Requests are to be raised with the AARNet Operations Centre.
Data is recovered to the nearest available copy to a point in time as identified by the requestor. The Recovery Point Objective (RPO) is 24 hours for file changes within the previous 60 days, and 30 days for file changes after 60 days and within the backup period.
AARNet will use reasonable effort to recover data for non-Enterprise Agreement customers.
For Enterprise Agreement customers, AARNet will initiate a recovery within 2 business days of receiving a recovery request. AARNet will then make all reasonable endeavours to recover data as quickly as possible.
Resilience and Business Continuity
Geographic replication ensures node redundancy and CloudStor resiliency, i.e. if the nearest copy of a file is inaccessible, CloudStor automatically accesses the replica.
If a node becomes permanently unavailable, AARNet will re-replicate data across remaining nodes.
Files that are updated in CloudStor (excluding files updated via S3) are versioned.
CloudStor will delete old file versions automatically, according to the following pattern, to ensure that users do not exceed their storage quotas.
This is the default pattern used to delete versions:
- For the last second CloudStor will keep one version;
- For the last 10 seconds CloudStor keeps one version every 2 seconds;
- For the last minute CloudStor keeps one version every 10 seconds;
- For the last hour CloudStor keeps one version every minute;
- For the last 24 hours CloudStor keeps one version every hour;
- For the last 30 days CloudStor keeps one version every day; and
- If the versions are older than 30 days CloudStor keeps one version every week.
Disk data is encrypted at rest. On the S3 service each disk is encrypted with its own unique key.
Data is transmitted over secure encrypted and authenticated connections.
Public facing services are abstracted behind availability focussed proxy servers, with logging and auditing.
CloudStor infrastructure is on its own private network, isolated from the rest of AARNet and the Internet. Access is by best industry practice techniques, including bastion hosts and 2FA authentication. Only the Cloud Services team at AARNet have configuration rights on CloudStor.
AARNet’s Cyber Security Team are responsible for AARNet’s security and privacy policies and ensuring integrity of its services.
The AARNet Cyber Security Team are responsible for the Cyber Incident Response Plan (IRP) to provide instructions for responding to potential scenarios, such as data breaches, denial of services attacks, virus or malware outbreaks, insider threats or abhorrent violence material (AVM).
The IRP identifies and describes the roles/responsibilities of the incident response team members who are responsible for managing, testing the plan and putting it into action. The plan is aligned to NIST Computer Security Incident Handling Guide.
All activity on CloudStor is logged and stored.
User activity is stored in the CloudStor logging database for 365 days.
Application activity is collected and stored to our central logging platforms.
Enterprise Agreement customers can nominate administrators by completing the form at https://support.aarnet.edu.au/hc/en-us/articles/115009121747-T1-Support-Admin-Access-form-for-Tenant-Portal and submitting it to firstname.lastname@example.org. Note this form must be signed by the customer’s Director of IT Services or person holding a similar position within the customer’s organisation.
Administrators will have access to the Tenant Portal, which will allow them to administer their institution’s/organisation’s tenancy.
Through the Tenant Portal an administrator can:
- Access statistics on usage including number of users, user storage used, amount of purchased storage allocated and amount of purchased storage used and remaining;
- Create group drives and assign group drive administrators;
- Create User Groups;
- Create Collaborator accounts (accounts for accessing CloudStor where AAF access is not feasible);
- Download user lists and summary statistics;
- Manage users to set quotas;
- Assist users in file operations;
- Access activity logs for all users in the tenancy.
For Enterprise Agreement customers AARNet Service Desk staff will provide video conference based CloudStor administrator training and can provide annual refresh training.
For Enterprise Agreement customers AARNet can provide an initial on-site training session for research support staff in the use of CloudStor and techniques for utilising Jupyter Notebooks using the SWAN environment.
Production S3 Gateways are provisioned by AARNet for Enterprise Agreement customers only.
Evaluation S3 Gateways can be provisioned by AARNet for non-Enterprise Agreement customers.
Evaluation S3 Gateways exist on test infrastructure only and do not have any operational support or backups.
S3 Gateway creation is initiated by contacting the AARNet Operation Centre.
Online Collaborative Editing
Any user with the correct sharing privileges may co-edit a document using the Only Office interface. This supports MS Word, Excel and PowerPoint documents.
SWAN Jupyter Notebooks
Any user may access the CloudStor SWAN Jupyter notebooks environment and execute notebook code from within this environment.
First Run Wizard
The First Run Wizard will run when a user accesses CloudStor via a web browser for the first time.
The First Run Wizard will assist users to download the Sync app, set their Sync password and access the “Getting Started with CloudStor” guide.
CloudStor Service Catalogue
A listing of the online services provided within CloudStor can be found here: CloudStor Service Catalogue