How to manage CloudFront Object Invalidation with CloudBerry S3 Explorer

Note: this post applies to CloudBerry Explorer 2.4 and later.

As always we are trying to stay on top of the new functionality offered by Amazon S3 to offer the most compelling Amazon S3 and CloudFront client on Windows platform.

Content Invalidation allows you to remove an object from CloudFront edge locations prior to the expiration time set on that object. Invalidation is designed for unexpected cases where you need to remove an object from an edge location. For instance, you might use invalidation to fix an encoding error on a video you uploaded with a long expiration period, or update the css file for your website if it changes unexpectedly.

The newer version of CloudBerry S3 Explorer automates CloudFront object invalidation. Just go to your distribution, select the objects you want to invalidate and choose CloudFront Invalidation from the context menu.

Note: while both CloudBerry Explorer freeware and PRO support CloudFront object invalidation you can only invalidate multiple objects using the PRO version. With freeware you will have to invalidate objects one by one.

As always we would be happy to hear your feedback and you are welcome to post a comment.

CloudBerry S3 Explorer is a Windows freeware product that helps managing Amazon S3 storage and CloudFront . You can download it at http://cloudberrylab.com/

CloudBerry S3 Explorer PRO is a Windows program that helps managing Amazon S3 storage and CloudFront . You can download it at http://pro.cloudberrylab.com/ It is priced at $39.99

Like our products? Please help us spread the word about them. Learn here how to do it.

How to backup to external buckets with CloudBerry Backup

Note: this post applies to CloudBerry Backup 1.7 and later.

CloudBerry S3 Backup is a powerful Windows program that automate backup and restore processes to Amazon S3 cloud storage.

In the release 1.7 we are introducing an option to backup to other user “external” buckets. In this case the user only needs to sign up for a free AWS account and not even specify the credit card. The owner of the master account should provide the user with read / write access to a bucket.

This configuration allows to offer a small scale managed backup service for customers or backup space for the small company employees.  All billing goes to the master account and other users who back up their data to external buckets don’t have to care of credit cards.

How to specify an external bucket

The bucket owner will have to provide the users with the name of the bucket. He will also have to make sure the user has read/write access to the bucket to be able to write data to it. Then simply specify an external bucket name on the account configuration dialog.  Open Amazon S3 account in the File | Amazon S3 Accounts menu.  Click Edit account and click Advanced link. Now simply type an external bucket name as shown on the screen.

How to grant another user access to a bucket

First, you need to know an email address the other user signed up for AWS account. It is very same email address you use to login to AWS Portal.

Use CloudBerry Explorer freeware (or PRO).  (you can do that with S3 Fox and AWS Console if you like) Select the bucket and run the ACL Editor.  Click Add and specify a user email address, jeff.smith@yahoo.com in this example. Check off Read and Write and click ok. You have just granted another user access to your bucket.

You can learn more about External buckets in our previous blog post here.

How to get AWS account

Simply login to the AWS portal and register with your email address. You don’t have to sign up for any service such as Amazon S3 if you only want to back up data to the other user “external” buckets and  you don’t have to specify your credit card.

Security Considerations

In the multiuser environment make sure that each user uses their own encryption password to protect the users from inadvertently see each other files. To make it more secure you can create a bucket per user, but remember you can create only up to 100 buckets per S3 account. Anyways, we don’t think this feature will be used to provide backup space for more than 100 users.

If you need a large scale backup service check out our upcoming Managed Backup Service

As always we would be happy to hear your feedback and you are welcome to post a comment.

+++

CloudBerry Backup is a Windows program that leverages Amazon S3 storage. You can download it at http://backup.cloudberrylab.com/ . It comes with onetime fee of $29.99 (US) per copy.

CloudBerry Backup for WHS is a Windows Home Server add-in that leverages Amazon S3 storage. You can download it at http://whs.cloudberrylab.com/ . It comes with onetime fee of $29.99 (US) per copy.

CloudBerry Backup Server Edition.  is a Windows program designed to run in server environment that leverages Amazon S3 storage. You can download it at http://server.cloudberrylab.com/ . It comes with onetime fee of $59.99 (US) per copy.

Like our products? Please help us spread the word about them. Learn here how to do it.

What’s new in CloudBerry Backup 1.7

Note: this post applies to CloudBerry Backup 1.7 and later.

CloudBerry S3 Backup is a powerful Windows backup and restore that automate backup and restore processes to Amazon S3 cloud storage.

With the release 1.7 of CloudBerry Backup we are introducing more flexible scheduling options, an ability to backup files only since a certain date and Azure storage option support.

First, we have integrated Azure Blob Storage as another storage option in CloudBerry Backup in addition to Amazon S3.  The users can now back up their data to their Azure accounts directly.

Second, ability to backup files since a certain date provides more flexibility for those who want to copy only the newer files to their backup storage. This option is available in the backup wizard.

Third, with the newer release we have added an ability to configure backup schedule down to hours. In the previous releases you were limited to configure scheduled backup to days.

Forth, we are introducing an option to back up to external buckets.  This allows to back up data to other users account while only having a free AWS account.  In other words the owner of the account can provide other users with the rights to read/ write data to a certain bucket and those users can back up their data not having to deal with the details of Amazon account setup and payments.

Finally, we improved a support for backing up network locations. In the previous release we introduced an option to backup network shares. In release 1.7 we extended it with network drives support. Although under the hood CloudBerry Backup resolves network drives to network shares for the end user the whole process is absolutely transparent.

Last, but not least we have also made it possible to run CloudBerry Backup in unattended mode even when run interactively using the console. In the earlier releases when you run the backup using the console you could not close the console or log off and you had to wait before the backup finishes. This limitation is now removed and you can run the backup plan, close the console and even log off from the computer and make sure backup plan will keep running.

Most of the enhancements in this release were implemented based on the user feedback. We would like to thank you our user community for helping us improve the product and please keep the feedback coming! 

We are going to blog about each of the new feature is greater details. Stay tuned.

As always we would be happy to hear your feedback and you are welcome to post a comment.

+++

CloudBerry Backup is a Windows program that leverages Amazon S3 storage. You can download it at http://backup.cloudberrylab.com/ . It comes with onetime fee of $29.99 (US) per copy.

CloudBerry Backup for WHS is a Windows Home Server add-in that leverages Amazon S3 storage. You can download it at http://whs.cloudberrylab.com/ . It comes with onetime fee of $29.99 (US) per copy.

CloudBerry Backup Server Edition.  is a Windows program designed to run in server environment that leverages Amazon S3 storage. You can download it at http://server.cloudberrylab.com/ . It comes with onetime fee of $59.99 (US) per copy.

 

Like our products? Please help us spread the word about them. Learn here how to do it.

How to combine chunks F.A.Q.

Note: this post applies to CloudBerry Backup 1.3 and later.

CloudBerry S3 Backup is a powerful Windows program that automate backup and restore processes to Amazon S3 cloud storage. One of the features that cause some confusing among our users is an ability to break larger files down into chunks. It is designed to make data transfer faster, more efficient and more reliable. However the main drawback is that the files remain chunked on Amazon S3 and you need CloudBerry Backup to get those files back. In the post we are going to answer some of the common questions and shed some lights on the chunking implementation details.

 

Q. Are the encrypted files (.chunk / .map) stored in some form of open/standard format?

A. This is our own format.
The chunks (that end with  "..chunk..#) are data files. It's just a split data stream.
The definition map-file (name ends with "..chunk..map")  is an XML that describes the data stream. It contains the information about compression and encryption algorithms used.

Q. Can I use any S3 client product to browse, download files, and the decrypt the files by some generic decryption utility (supplying the correct passphrase of course) ?

A. You can download all chunks ("chunk..<number") and combine them into single file (in appropriate sequence). This single file is an compressed and encrypted stream (if you used these options).

- If neither compression nor encryption were used, this single file represents the initial unchunked file

- If only compression was used - you can decompress it with WinRAR or WinZIP or any other tool that understands GZIP compression format. Just add ".gz" to file name. Note that if the file name is "file.doc", you should rename it to "file.doc.gz" because gz-file doesn't have the information about the initial file name.
  In this case the map-file contains compresion information:
  <CompressionInfo>
    <compressionAlgo>GZip</compressionAlgo>
    <CompressedSize>719056</CompressedSize>
  </CompressionInfo>

Currently only GZip compression is supported.

- If the encryption is used, the map-file contains  similar information like the one below

  <EncryptionInfo>
    <Hash>IkJ1ObhvcmCD9O7cXFQ1Gs7deg4=</Hash>
    <IV>Iqidz4mdYLXbWLFE6lb4GA==</IV>
    <KeySize>128</KeySize>
    <Algo>AES</Algo>
  </EncryptionInfo>

<Algo>
All encryption algorithms that we use are standard and supported by Microsoft .Net Framework. AES, DES, 3DES and RC2

<KeySize>
Is a key size in bits

<IV>
For all algorithms we use CBC mode  and the PKCS7 padding scheme. The Initialization vector is stored in the map-file (base64-encoded).

<Hash>
This is a base64-encoded SHA1 hash of the encryption key (don't mix up with password). It's used for cases when you try to donwload file and incorrectly entered the password (so you don't need to download for example whole 1 GByte file to know that the apssword is wrong)

For key generation we use MS .Net's Rfc2898DeriveBytes() function with zero salt that uses PKCS #5 standard PBKDF2 function (see http://www.ietf.org/rfc/rfc2898.txt , section 5.2).

So if you have a tool that can accept the initial vector and can generate encryption key using PBKDF2 (password-based key derivation, you might be able to decopmress this single file.

- If the file was both compressed and encrypted. You have to decrypt it first, and then decompress.


So the general algorithm is the next:

1. Download with any S3 tool all chunks: filename..chunk..1, filename..chunk..2, ... , filename..chunk..N

2. Combine these files into single one by appending in the next sequence: 1,2,..., N
   You can do it with some advanced file managers like FAR or Total Commander.
  
3. Download map-file: filename..chunk..map

4. If file is encrypted, decrypt the single file using information form the map.

5. If file is compressed, decompress it by any tool that supports gzip format. For many tools it's better to add ".gz" extension first

Q. Am I required to use a Cloudberry product to decrypt the files? If so, is Cloudberry S3
 Explorer compatible with the storage/encryption format used by WHS Backup?

A. It's possible to get files back with CloudBerry Explorer Pro (in chunk transparency mode). Read about CloudBerry Explorer chunking support here

 

Q.  Is the source code used by WHS Backup for encryption/decryption publicly available?

A. We are going to make a freeware tool for decrypting/decompressing chunked files (that are already downloaded to a local computer) with and make the source code available. Stay tuned.

As always we would be happy to hear your feedback and you are welcome to post a comment.

+++

CloudBerry Backup is a Windows program that leverages Amazon S3 storage. You can download it at http://backup.cloudberrylab.com/ . It comes with onetime fee of $29.99 (US) per copy.

CloudBerry Backup for WHS is a Windows Home Server add-in that leverages Amazon S3 storage. You can download it at http://whs.cloudberrylab.com/ . It comes with onetime fee of $29.99 (US) per copy.

CloudBerry Backup Server Edition.  is a Windows program designed to run in server environment that leverages Amazon S3 storage. You can download it at http://server.cloudberrylab.com/ . It comes with onetime fee of $59.99 (US) per copy.

 

Like our products? Please help us spread the word about them. Learn here how to do it.

 

Introducing Bucket Policy Designer

Note: this post applies to CloudBerry Explorer 2.3 PRO and later.

As always we are trying to stay on top of the new functionality offered by Amazon S3  to offer the most compelling Amazon S3 and CloudFront client on Windows platform.  Ever since we introduced Bucket Policies support a few weeks ago we looked for the way to improve user experience when authoring bucket policy.  Hence we decided to introduce a Policy Designer that helps create policy with a convenient user interface.

You run Policy Designer from the context menu on the bucket level:

You open a dialog like the one below. Click New Statement button.

 

Specify Action

Now click <Select Action>. You will open a dialog with the list of available actions.  To grant read access select GetObject action.

Specify Principle

Now click Specify Principle.

You can find out Principle on AWS Portal, just log in to your account and you will see it in the right top corner as you can see on the screen below.  Make sure you remove dashes when you type and Account Number to CloudBerry Explorer Policy Designer.  

To make it easier to deal with Account IDs we have implemented and an Address Book that will help you to save Account IDs locally and reference them by more friendly names and email addresses.  (You will also be able to run the Address Book from the ACL editor)

 

Specify Resource

Now click to <Specify Resource>

 

To make it easier to specify a resource we have implemented a bucket browser that allows you to pick up a bucket and a path:

 

Conditions

Finally click on with Conditions to run a Condition Editor

Let’s assume you want to protect your content and disallow hotlinking of your images. In our previous blog post we described how you can create a policy that will do just that. With the policy designer you just have to specify aws:Referer in the key and a website name or IP address in the value field:

 

Editor Mode

If you like the old way of editing the policy you can just switch to the editor mode.  We also have an option to reverse engineer the policy from text. Say, if you get the policy script from somewhere else and copy it to the policy editor you can switch to Policy Designer and modify it using the visual tools.

 

Policy Designer is only available in CloudBerry S3 Explorer PRO however we have exciting news for our CloudBerry S3 Explorer freeware users. We are moved a simple policy editor to the freeware version and our freeware users can create and manage policies too.

As always we would be happy to hear your feedback and you are welcome to post a comment.

CloudBerry S3 Explorer is a Windows freeware product that helps managing Amazon S3 storage and CloudFront . You can download it at http://cloudberrylab.com/

CloudBerry S3 Explorer PRO is a Windows program that helps managing Amazon S3 storage and CloudFront . You can download it at http://pro.cloudberrylab.com/ It is priced at $39.99  

Like our products? Please help us spread the word about them. Learn here how to do it.

What’s new in CloudBerry S3 Explorer 2.3

Note: this post applies to CloudBerry Explorer 2.3 and later.

As always we are trying to stay on top of the new functionality offered by Amazon S3  to offer the most compelling Amazon S3 and CloudFront client on Windows platform.

This release introduces Visual Designer for Bucket Policies, Address Book, CloudFront Root object support and Welcome Page.

Ever since we introduced Bucket Policies support a few weeks ago we looked for the way to improve user experience when authoring bucket policy.  Hence we decided to introduce a Visual Policy Designer that helps create policy with a convenient user interface.

To make it easier to deal with Account IDs we have implemented and an Address Book that will help you to save Account IDs locally and reference them by more friendly names and email addresses.  (You will also be able to run the Address Book from the ACL editor).

In this release we are introducing a support for CloudFront Default Object. This exciting feature allows you to designate a certain page in your bucket to become a default webpage. Newer release of CloudBerry S3 Explorer allows you to specify default object on the distribution configuration dialog.

And finally, welcome page will help our users to stay on top of CloudBerry Lab news and take advantage of special offers.

As always we would be happy to hear your feedback and you are welcome to post a comment.

CloudBerry S3 Explorer is a Windows freeware product that helps managing Amazon S3 storage and CloudFront . You can download it at http://cloudberrylab.com/

CloudBerry S3 Explorer PRO is a Windows program that helps managing Amazon S3 storage and CloudFront . You can download it at http://pro.cloudberrylab.com/ It is priced at $39.99  

Like our products? Please help us spread the word about them. Learn here how to do it.

How to set CloudFront Default Object with CloudBerry S3 Explorer

Note: this post applies to CloudBerry Explorer 2.3 and later.

As always we are trying to stay on top of the new functionality offered by Amazon S3  to offer the most compelling Amazon S3 and CloudFront client on Windows platform.

In this release we are introducing a support for CloudFront Default Object. This exciting feature allows you to designate a certain page in your bucket to become a default webpage. In other words let’s say you host your static website on CloudFront and CNAME is configured for www.mydomain.com

Previously you had to resort to some tricks to be able to access your website using www.mydomain.com URL or give the users a direct URL to your default page e.g. www.mydomain.com/index.html With the Default Object support you can just point your browser to www.mydomain.com and the default index.html page will be served automatically.

Newer release of CloudBerry S3 Explorer allows you to specify default object on the distribution configuration dialog:

As always we would be happy to hear your feedback and you are welcome to post a comment.

CloudBerry S3 Explorer is a Windows freeware product that helps managing Amazon S3 storage and CloudFront . You can download it at http://cloudberrylab.com/

CloudBerry S3 Explorer PRO is a Windows program that helps managing Amazon S3 storage and CloudFront . You can download it at http://pro.cloudberrylab.com/ It is priced at $39.99  

Like our products? Please help us spread the word about them. Learn here how to do it.