• Tylan
    2
    I started with MSP360 & B2 back in 2017 and stored all client data in a single bucket. I think I read something on Reddit about concerns that a hacked endpoint could access the entire bucket. (I don't know if there was really any merit to that.) When synthetic full launched I started using Wasabi and thought I'd make a bucket per customer. I was told here that I shouldn't do that for B2 due to API limitations, but it made sense to have one per customer (not per user).

    Now, I see that B2 has more features on par with Wasabi (Syn full etc) and was considering putting a new customer in their own bucket on B2.

    I saw a recent post saying to only use one bucket, but I didn't want to steal someone else's thread.
    https://forum.msp360.com/discussion/664/multiple-buckets-msp-edition
    https://forum.msp360.com/discussion/2374/should-you-make-separate-buckets-per-company-or-just-one-big-bucket

    I guess from my standpoint it's just like picking a M365 tenant name for a customer - a way to organize and separate the data. I think of it as folder to organize data. My analogy may not be quite perfect, but that was my logic.

    What is the advantage or disadvantage to using a new bucket for each new customer?
    Is the reporting or security any better either way?

    Thanks!
  • David Gugick
    118
    I'd recommend using different encryption passwords for each customer and using a single bucket if possible. I don't think there's any reason to have to manage tens or hundreds of different buckets especially in light of bucket number limitations by many storage providers. If you're looking to make sure that no one can access the data then encrypting even using the same password would be sufficient, but if you're really concerned you can use different passwords for each customer. Presumably you're keeping those passwords safe and away from customers hands and only you the MSP knows them.
  • Tylan
    2
    I always use different encryption passwords, and different passwords for each user. Yes, I keep that info secured.

    I don't have a link to the original reddit thread, but the question was could user 1 maliciously (or via malware) navigate outside of their folder in the bucket, and possibly delete data for user 2 (or the all the contents of the bucket). Seems very unlikely, but I think that's where the idea 1 bucket per customer came from. Possibly some form of isolating customer data from other customers. I don't know if there's any merit to that, but I think that was the logic of multiple buckets.
  • David Gugick
    118
    deleting backups from the agent has been disabled in the latest versions, so that's not really possible without enabling the option in the management console to allow deletes. If you want to manage multiple buckets you certainly can. But I would just keep in mind that there may be bucket # limitations with the cloud vendor you're using. And you may want to plan for contingencies if you get close to reaching that limit.
  • Tylan
    2
    deleting backups from the agent has been disabled in the latest versionsDavid Gugick

    That is a nice safety feature. Can I purge backups from the management console, or I would have to enable the client side deletions if I need to free up space? I'll have to look around.

    I get exactly what you're saying about buckets. It doesn't seem like there's really much of any gain by using more than one. Like I said earlier, I only have one bucket in B2. It's with Wasabi where I was starting to organize (add) buckets.
  • David Gugick
    118
    both options are available to our customers. So you should use the one that you feel is best for your MSP and your customers. As far as deleting, other than deleting the entire set of backups for a particular computer, as an example when you're decommissioning an endpoint from backups and no longer need them; this is supported in the management console from the Users page. For other deletes, you would either have to enable delete functionality temporarily and perform the deletes from the agent or delete them directly in backup storage and synchronize.
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment