These are the roles that are needed:

  • Admin
  • Read storage
  • Write storage
  • Reindex storage

On-premise files storage

It's possible to work with iconik even if you want to keep your files just on your own storage devices. This will work even if you have multiple locations such as multiple offices. This usually means that only the keyframes( thumbnail) / proxy files are kept in the cloud. To facilitate this workflow we use the iconik Storage Gateway that will index and make iconik aware of all your files.


  • Use existing investments in on-premise storage.
  • Make files that are on-premise globally accessible to your users as needed.


  • Makes it harder to download your original hi-res files from the cloud.
  • Transfers between two location need to have VPN or similar between the locations.
  • Allows remote working with proxies only.
  • Can't use the web based uploader.
  • Can't upload using our NLE integration.

Planning for On-premise setup.

These steps are typically steps that our customers go through when designing a Hybrid approach:

  1. Understand where your users will be accessing and storing files.
  2. Gather future requirements for files and their accessibility and plans for storage.
  3. Calculate how many files are added per day - both in filesize and what type of files they typically are. If they are video files also check to see how many minutes and at what resolution they are.
  4. If you are purchasing storage devices consider using storage devices that run the iconik Storage Gateway.
  5. Build an overview of a design of workflow of how your users typically work with files.
  6. Gather any requirements for Review and Approve with users external to your normal organization.
  7. Understand what User Groups you have in your organization and any need to keep their content separate or if they share freely between the teams.
  8. If you use an Identity provider - check the capabilities of what you use and whether they implement SAML.

Even if you are not starting from a completely new system, going through the above exercise will mean you should have all the information needed to start working with iconik.

Designing an on-premise solution.

Once you have gathered the information we can see how this can map to iconik.

  1. On-premise storage will utilize the iconik Storage Gateway (ISG). Typically it's one ISG per storage, whether that is a SAN, NAS or file server device. The ISG can run on most Windows Servers, MacOS machines and Linux servers (see the iconik Storage Gateway pages for more information). If your storage device is separate this might mean procuring additional servers or capacity. The ISG pages list the minimum resources per stream, but typically we suggest using 4 cores per real time encoding stream of 1080p video. If you have many more minutes coming in per day than this guideline would be able to cope with, you can add more cores to be able to process more in any given day. e.g. 16 cores can be configured to encode 4 streams at once.
  2. If you are planning on encoding and reading from storage devices that are also being used as high-performance video editing storage - please note that this extra capacity should be take into account.
  3. Each storage device should have one ISG.
  4. If you have multiple locations that all share the same central storage - you only need an ISG on this central storage. You can always expand at a later date with more storage and additional iconik Storage Gateways.
  5. For those using an external Identity Provider that supports SAML this can make User and User Group management much easier, check our admin pages on SAML Authentication to understand more.

Setting up.

Once you have done the design work and requirements gathering it's time to start building out with iconik.

We recommend that you start with a small test by installing the iconik Storage Gateway on test machine or a desktop and just sharing out a simple directory or two to get a feeling for how iconik works and the capabilities.

  1. If you do wish to implement an Identity Provider this is the logical place to start. See the instructions on how to set this up here. If not, start by setting up your Users and organizing them into User Groups
  2. You do not have implement any cloud storage for the proxies or keyframes - this can be left as the default that we provide.
  3. Start by setting up an iconik Storage Gateway and then configuring it (../editing/files) making sure to read the steps 4-6 in this guide while setting up.
  4. If you probably have file duplicates and need to watch out for duplicate files in the future, turn on Consider identical files the same. This can be done from the editing screen under Scan Settings
  5. If you require that only certain user groups can use certain storage devices, or access only certain files:
    1. ACL templates can be used for each User Group that requires unique access to the files that come from a particular storage. Any new file that comes from a storage with an ACL Template applied (see editing storage for your particular storage) will then get this ACL applied to it - controlling who can see it. So to do this, create the ACL Templates and then apply to the storage. Each storage can have one ACL template.
    2. Storage ACLS can be used to control who has access to use an upload or access a particular storage and useful for restricting who can interact with a particular storage.
    3. An ACL Template to use for each User Group.
  6. If you have files or directories that shouldn't be shown in iconik these can be configured for ignoring in the editing screen under Scan Settings.
  7. Test that it works, and dropping in new files to the storage makes them show up!

And done!

Future enhancements

Although this workflow provides a lot of new possibilities to how your work with your files, even greater flexibility can be gained from adopting a hybrid cloud approach done by adding cloud storage. You do not need to keep all your files in the cloud, but use it as a staging area for uploads using the web browser or NLE integrations, or for transfers.

Learn more