What are the optimal methods for a MSP/CSP partner to manage Wasabi accounts?
For Wasabi partners that wish to resell Wasabi Hot Cloud Storage as part of a solution offer, it’s important to understand the optimal methods for provisioning and usage monitoring of Wasabi accounts associated with the end user customers served by Wasabi partners. The recommended method for this is to use the Wasabi Account Control Manager (WACM) or the Wasabi Account Control API . Other non-recommended methods are discussed in this article.
Method #1 - Using the Wasabi Account Control Manager
This method involves the use of a Wasabi-hosted platform for setting up and managing Wasabi sub-accounts. More details on how to proceed with this method are found here.
Method #2 - Using separate Wasabi accounts for each customer (provisioning via Wasabi Account Control API)
This method involves the partner building application logic in their customer portal that allows them to provision and monitor the usage of Wasabi accounts via Wasabi’s REST-based Account Control API. As part of using the Wasabi Account Control API, the partner establishes Wasabi ‘Control Account’ with Wasabi. The partner then uses this Control Account to provision Wasabi ‘Sub-Accounts’ that are associated with end users. If needed, Wasabi can provide a partner test sandbox for use by the partner in developing the app logic on the partner’s portal. Once the partner successfully integrates with the partner sandbox, a Control Account on the production Wasabi service is provided.
The creation of the Control Account and general support of Wasabi Account Control API integration efforts is done in coordination with Wasabi Partner Engineering. The Wasabi Account Control API programming guide is here.
Other methods not recommended by Wasabi:
Using a single folder for each customer
While it is technically possible to use a single folder for each customer, this method is not recommended. This is because Wasabi does not provide per-folder utilization information and complex access control policies are required to ensure that customer 1 can only access their folder data and not the folder data of customer 2.
Using a single bucket for each customer
While it is technically possible to use a single bucket for each customer, this method is not recommended. This is because Wasabi does not provide easy-to-use bucket utilization information and complex access control policies are required to ensure that customer 1 can only access their bucket data and not the bucket data of customer 2.