Integrate security

Restrict access with Upload Account settings

You can control a user’s access by establishing various settings in the upload account they use to access a specific storage group. For example, you can do any of the following:

  • Set the account to “Read-only” access. The user will only be able to view storage group content, and not manipulate it in any way.
  • Establish Directory Restrictions, Default Upload Directories, or Subdirectory Restrictions. These settings allow you to fine tune where the user logs in to the storage group, and specifically what directories in that group they can access and upload content.
  • Establish Access Control List (ACL) Rule Sets. These are collections of IP addresses or geographic regions ("geos") that you create to either allow or block their access to a storage group. They serve as an added method of security for non-secure Access Methods (FTP), because they help prevent man-in-the-middle password sniffing.

Use Secure Authentication

For authentication and security purposes, it's recommended that you use “Secure Authentication” to access NetStorage.


Using secure access methods to transfer data to NetStorage may slightly affect performance, versus using a non-secure access method such as FTP. (However, it is obviously a much more secure method of transfer.)

You can use the following access methods to securely connect to NetStorage:

  • SFTP. Secure File Transfer Protocol
  • SCP . Secure Copy
  • Rsync. Remote Synchronization (if using SSH)
  • CMShell. Our proprietary, secure Content Management Shell
  • NetStorage Usage API. A secure application programming interface that allows you to configure transfer and management of content
  • Aspera Upload Acceleration. A third-party application that runs in conjunction with NetStorage that allows accelerated, secure transfer.


The NetStorage Usage API differs from the other secure access methods. It does not require an SSH Key nor does it use “sshacs” as its “Username” for access. Specific details on its use and security requirements are discussed in the “NetStorage Usage API.”

Set up inbound Firewall Rules

You should set up these rules for your local machine, to allow access from NetStorage servers.

How to

  1. Log in to Control Center (
  2. Go to COMMON SERVICESFirewall change notifications.
  3. Select Manage Subscriptions.
  4. Click Subscribe Users.
  5. Select NetStorage Content Mgmt:ObjectStore & Aspera.
  6. Input at least one valid Email Addresses.
  7. Click Subscribe.