Original Message:
Sent: Thu March 14, 2024 02:15 PM
From: RUTH Hildebrand-Lund
Subject: FileNet and S3 level Content encryption and decryption and S3 tiering
Ques 1: Can customer use S3 tiering with FileNet? They want to move older content to infrequent access S3 and perhaps even to Glacier. Does FileNet support that?
To do the move between storage, use the Move Sweep capability provided in ACCE. You would configure the sweep to move content on a regular basis using criteria you define. The attached document provides more details on the sweep framework and the use of the move sweep.
FileNet support Glacier storage...see the technote referenced in the Hardware section of the FIleNet Content Manager software product compatibility report...it contains (among other things) the following:
AWS S3 Glacier Instant Retrieval Storage | X |
| Requires Glacier Instant Retrieval storage class. There is no support for configurations that use the Glacier Flexible Retrieval or Glacier Deep Archive classes. |
Here is a link to the storage master technote: https://www.ibm.com/support/pages/node/6592835
It is important to ensure that the response from the lower tiered storage is still able to return content in a timely fashion. Otherwise users will receive errors when trying to view the older content.
Ques 2: The content they have on S3 is encrypted by FileNet itself. They want to use that content to build a data pipeline and build AI/ML use-cases with it. Is there a way to either switch from FileNet encryption for S3-level encryption? Or does FileNet provide APIs they can invoke to decrypt content and send it to their data pipeline?
Ans 2: Again, you can use the move sweep in ACCE for this purpose. Set up the new storage area without encryption enabled, and move the existing content to that area. But there is no real need for this. While FileNet stores the content in an encrypted format, when the content is retrieved, it is returned to the calling application (for instance ICN) in an unencrypted format. The calling application does not need to be aware of the encryption.
------------------------------
RUTH Hildebrand-Lund
Original Message:
Sent: Wed March 13, 2024 06:27 AM
From: Pranav Kumar
Subject: FileNet and S3 level Content encryption and decryption and S3 tiering
I am trying to find the correct response for a customer having IBM FileNet P8 v5.5.x on Amazon EKS where FileNet documents are stored in Amazon S3. Can you validate this response or provide more detail.
Ques 1: Can customer use S3 tiering with FileNet? They want to move older content to infrequent access S3 and perhaps even to Glacier. Does FileNet support that?
Ans 1: Yes, it supports. Content Platform Engine does not have any special handling for content retrieval from different storage tiers. As long as the transition and retrieval from the different storage tiers is transparent to Content Platform Engine, it is supported. Refer section "Storage Tiering" in below link…
https://www.ibm.com/support/pages/s3-storage-device-support-content-platform-engine
Ques 2: The content they have on S3 is encrypted by FileNet itself. They want to use that content to build a data pipeline and build AI/ML use-cases with it. Is there a way to either switch from FileNet encryption for S3-level encryption? Or does FileNet provide APIs they can invoke to decrypt content and send it to their data pipeline?
Ans 2: A custom program can be used to move content from one storage area to another. Moving content is functionally equivalent to adding content to the destination storage area. based on the current encryption setting for the destination storage area, you can move content for the decryption purposes. Refer below IBM link for details,https://www.ibm.com/docs/pl/filenet-p8-platform/5.5.x?topic=stored-content-encryption
------------------------------
Pranav Kumar
------------------------------