Challenge
Enterprise media teams face terabytes of growing archival content, expensive on-premises storage, and no unified way to browse, preview, or retrieve content without moving full-resolution files around.
Enterprise media and content teams face a familiar problem at scale: terabytes of growing archival media, expensive on-premises storage, slow ingest workflows, and no unified way to browse, preview, or retrieve content without moving full-resolution files around. Storage costs climb linearly with content volume. Retrieval requires IT tickets. Previews require downloading full-resolution masters. And security controls on traditional NAS / file-share deployments rarely match the expectations of modern compliance frameworks.
The team needed a cloud-native solution that could: accept large file uploads reliably even over unstable connections; generate lightweight browse proxies automatically so users could preview content without downloading masters; deliver files to end users with fine-grained access control and time-limited URLs; optimize storage economics automatically by moving infrequently accessed content to cheaper storage tiers; and maintain a complete audit trail for compliance and operational visibility.
The constraint: no credentials in pipeline code, no secrets in configuration files, and every action - upload, access, download, rename, move - logged for audit.
Approach
We architected and built a cloud-native archival platform on Google Cloud Storage with resumable uploads, adaptive transcoding, zero-secret signed-URL delivery, and hierarchical filesystem abstraction - all designed for production-grade enterprise archival.
We designed and built Cloud MAM as a cloud-native archival architecture anchored on Google Cloud Storage with a FastAPI + PostgreSQL control plane. Upload reliability was solved through resumable upload sessions and chunked transfer handling, allowing large assets to complete even over unstable network conditions. Ingest logic creates stable unique keys and metadata records first, then orchestrates upload completion, status transitions, and post-processing workflows.
For browse experience, we implemented an adaptive transcoding pipeline using ffprobe for stream inspection and ffmpeg for profile-based encode or remux decisions. Three proxy profiles (MICRO, TINY, USER240) support low-bandwidth scrubbing and faster timeline preview while preserving server efficiency. Temp-file optimized processing prevents repeated downloads during transcode, and proxy objects are stored separately from masters for deterministic access behavior.
Storage architecture uses intelligent class assignment and lifecycle movement across the STANDARD, NEARLINE, COLDLINE, and ARCHIVE tiers based on access patterns. Proxies remain in hot storage for instant preview, while masters age into lower-cost tiers automatically. Access delivery is fully zero-secret: clients never receive cloud credentials, signed URLs are short-lived and scope-limited, and all entitlement checks are enforced server-side.
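The delivery pattern described above, sketched as an added example that is not the platform's own code: the server checks entitlement, records the decision, and only then signs a URL bound to one method, one object, and a capped expiry. It assumes HMAC-SHA256 as a stand-in for the storage provider's signing; the key, host, TTL cap, ACL entries, and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: HMAC-SHA256 under a server-held key stands in for the storage
# provider's URL signing. Key, host, TTL cap and ACL are constructed values.
SIGNING_KEY = b"constructed-demo-key"
MAX_TTL = 300  # hypothetical ceiling on URL lifetime, in seconds
ACL = {("alice", "proxies/clip-001.mp4"), ("bob", "masters/clip-001.mxf")}
AUDIT = []  # every decision is recorded, granted or not


def _sign(method, path, expires):
    # The signature binds the HTTP method, one object path and the expiry.
    msg = f"{method}\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_url(user, path, method="GET", ttl=60, now=None):
    """Check entitlement server-side, log the decision, then sign."""
    now = int(time.time()) if now is None else now
    granted = (user, path) in ACL
    AUDIT.append({"ts": now, "user": user, "object": path,
                  "method": method, "granted": granted})
    if not granted:
        raise PermissionError(f"{user} is not entitled to {path}")
    expires = now + min(ttl, MAX_TTL)  # caller cannot request a long-lived URL
    query = urlencode({"expires": expires, "sig": _sign(method, path, expires)})
    return f"https://media.example.invalid/{path}?{query}"


def verify_url(url, method="GET", now=None):
    """Storage-side check: reject expired, re-scoped or tampered URLs."""
    now = int(time.time()) if now is None else now
    parts = urlparse(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False
    if now > expires:
        return False
    expected = _sign(method, parts.path.lstrip("/"), expires)
    return hmac.compare_digest(sig.encode(), expected.encode())
```

The client only ever holds the URL; the signing key stays on the server, and a denied request still leaves an audit record.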
We also implemented a hierarchical filesystem abstraction on top of object storage to support enterprise folder semantics, category/subcategory organization, and hybrid NAS ingest workflows through SMB/CIFS integration. Security and governance include JWT auth, TOTP-based 2FA, role-based authorization, quota enforcement, stream tokenization, and comprehensive activity logging with export support for compliance and audit review.
Outcome
A production cloud archival platform demonstrating end-to-end cloud-native engineering rigor - with 60-80% storage cost reduction for aged content, zero-secret security posture, and enterprise-grade audit trail.
The Periscope Labs MAM is a production cloud archival platform running on cloud infrastructure with zero dependency on on-premises storage. Browse proxies stay in STANDARD for fast preview streaming. Master files are automatically tiered to NEARLINE, COLDLINE, or ARCHIVE based on access patterns - cutting storage costs by 60-80% for aged content. No credentials in pipeline JSON. No secrets in config files. JWT authentication with 2FA. Full audit trail exportable as CSV, Excel, and PDF. Direct SMB/CIFS integration enables selective ingest from enterprise NAS into cloud archive with scheduled deletion of source files after successful archival. The platform serves as both a production product and a proof point for Periscope Labs' cloud engineering depth.