- access keys
A MinIO deployment or tenant user account with limited account typically used with API calls. Access Keys were previously referred to as “Service Accounts”
A method of replication that provides bidirectional mirroring of data. With active-active configuration, changing the data at at any storage location also changes the data at the other storage location(s).
See also: active-passive.
A method of replication that provides one-way mirroring of data. With the active-passive configuration, changing data at the originating location also changes the data at the destination. However, changing data at the destination does not affect the data on the origin.
See also: active-active.
A locally defined reference to a MinIO Deployment used in most command line interface operations. See
mc alias set.
- audit logs
Granular descriptions of each operation on a MinIO deployment. Audit logs support security standards and regulations which require detailed tracking of operations.
See also: server logs.
- bit rot
Data corruption that occurs without the user’s knowledge.
MinIO combats bit rot with hashing and erasure coding.
- bit rot healing
Objects corrupted due to bit rot automatically restore to a healed state at time of read. MinIO captures and heals corrupted objects on the fly with its hashing implementation.
A grouping of objects and associated configurations.
A group of drives and one or more MinIO server processes pooled into a single storage resource.
See also: tenant.
- cluster registration
Cluster registration links a MinIO deployment to a SUBNET subscription. An organization may have more than one MinIO clusters registered to the same SUBNET subscription.
- MinIO Console
Graphical User Interface (GUI) for interacting with a MinIO deployment or tenant.
One of the two types of blocks MinIO writes when doing erasure coding. Data blocks contain the contents of a file.
Parity blocks support data reconstruction should data blocks become corrupt or go missing.
Process of removing a pool of drives from a distributed deployment. When initiated, the objects on the decommission pool drain by moving to other pools on the deployment.
The process is not reversible.
A specific instance of MinIO containing a set of buckets and objects.
- disk encryption
The conversion of all of the contents written to a disk to values that cannot be easily deciphered by an unauthorized entity. Disk encryption can be used in conjunction with other encryption technologies to create a robust data security system.
A description of an isolated area within a stateful Key Encryption Service (KES) server. A KES server may have one enclave or multiple enclaves. Each enclave within a KES server holds separate keys, policies, and administration identity. An enclave cannot see or make use of any other enclave on the server.
For example, you might use multiple enclaves to hold completely separate key stores for multiple MinIO tenants within a single stateful KES server.
- encryption at rest
A method of encryption that stores an object in an encrypted state. The object remains encrypted while not moving from one location to another.
Objects can be encrypted by the the server using one of key management methods: SSE-KMS, SSE-S3, or SSE-C.
- encryption in transit
A method of encryption that protects an object when moving it from one location to another, such as during a GET request. The object may or may not be encrypted on the origin or destination storage devices.
- erasure coding
A technology that splits objects into multiple shards and writes the shards to multiple, separate drives.
Depending on the topology used, erasure coding allows for loss of drives or nodes within a MinIO deployment without losing read or write access.
- erasure set
A group of drives within MinIO that support erasure coding. MinIO divides the number of drives in a deployment’s server pool into groups of 4 to 16 drives that make up each erasure set. When writing objects, data and parity blocks write randomly to the drives in the erasure set.
The use of an algorithm to create a unique, fixed-length string (a value) to identify a piece of data.
Restoration of data from partial loss due to bit rot, drive failure, or site failure.
- health diagnostics
A suite of MinIO API endpoints available to check whether a server is
available for writing data
available for reading data
available for maintenance without affecting the cluster’s read and write operations
- host bus adapter
A circuit board or integrated circuit adapter that connects a host system to a storage device. The HBA handles processing to reduce load on the host system’s processor.
- IAM integration
MinIO only allows access to data for authenticated users. MinIO provides a built-in identity management solution to create authorized credentials. Optionally, MinIO users can authenticate with credentials from a 3rd party identify provider (IDP), including either OpenID or LDAP providers.
Initialism for “Just A Bunch of Drives”. JBOD is a storage device enclosure that holds many hard drives. These drives can combine into one logical drive unit.
See also: RAID
- lifecycle management
Rules to determine when objects should move or expire.
A rule that prevents removal or deletion of an object until an authorized agent removes the rule or it expires.
The act of reviewing the status, activity, and availability of a MinIO cluster, deployment, tenant, or server. MinIO provides the following tools:
Prometheus compatible metrics and alerts
- multi-node multi-drive
A system topology that uses more than one server and more than one drive per server to host a MinIO instance. MinIO recommends Kubernetes for distributed deployments.
- multipart upload
Multipart upload is a client-initiated S3 function that splits a single object into multiple parts for moving from one location to another. The client uploads each part independently to MinIO, and MinIO manages reconstructing those received parts into the original object.
Multipart uploads provide benefits such as improved throughput and resiliency to network errors. Use multipart uploads for objects greater than 100MB in actual or estimated size for best results.
See Amazon AWS documentation for more details.
- network encryption
A method of securing data during transit from one location to another, such as server-server or client-server. MinIO supports Transport Layer Security (TLS), version 1.2 and later, for both incoming and outgoing traffic.
An item of data MinIO interacts with using an S3-compatible API. Objects can be grouped into buckets.
- Operator Console
The Graphical User Interface (GUI) to deploy and manage the MinIO tenants in a distributed deployment environment.
The portion of blocks written for an object by MinIO to support data reconstruction due to missing or corrupt data blocks. The number of parity blocks indicates the number of drives in the erasure set that a deployment can lose while still retaining read and write operations.
Prefixes organize the objects in a bucket by assigning the same string of characters to objects that should share a similar hierarchy or structure. Use a delimiter character, typically a / to add layers to the hierarchy. While prefixed objects may resemble a directory structure in some file systems, prefixes are not directories.
MinIO itself does not limit the number of objects that any specific prefix can contain. However, hardware and network conditions may show performance impacts with large prefixes.
Deployments with modest or budget-focused hardware should architect their workloads to target 10,000 objects per prefix as a baseline. Increase this target based on benchmarking and monitoring of real world workloads up to what the hardware can meaningfully handle.
Deployments with high-performance or enterprise-grade hardware can typically handle prefixes with millions of objects or more.
SUBNET| Enterprise accounts can utilize yearly architecture reviews as part of the deployment and maintenance strategy to ensure long-term performance and success of your MinIO-dependent projects.
Initialism for “Redundant Array of Independent Disks”. The technology merges multiple separate physical disks into a single storage unit or array. Some RAID levels provide data redundancy or fault tolerance by duplicating data, striping data, or mirroring data across physical disks.
See also: JBOD.
The replication of a bucket or entire site to another location.
- MinIO Scanner
One of several low-priority processes MinIO runs to check:
lifecycle management rules requiring object transition
bucket or site replication status
object bit rot and healing
- self signed certificates
A self-signed certificate is one created by, issued by, and signed by the company or developer responsible for the content the certificate secures. Self-signed certificates are not issued by or signed by a publicly trusted, third-party Certificate Authority (CA). These types of certificates do not expire or require periodic review, and they cannot be revoked.
- server logs
minio serveroperations logged to the system console. Server logs support general monitoring and troubleshooting of operations.
For more detailed logging information, see audit logs.
- server pool
A set of
minio servernodes which combine their drives and resources to support object storage and retrieval requests.
- service account
Renamed to access keys. A MinIO deployment or tenant user account with limited account typically used with API calls.
A portion of an object after being erasure coded by MinIO. Each “shard” represents either data or parity for MinIO to use for reconstructing objects on read requests.
For more detailed information, see Erasure Coding.
- single-node multi-drive
A system topology that deploys MinIO on one compute resource with more than one attached volume.
- single-node single-drive
A system topology that deploys MinIO on a single compute resource with a single drive. This adds S3-type functionality to an otherwise standard filesystem.
A method of encryption at rest that encrypts an object at the time of writing with an encryption key included with the write request. To retrieve the object, you must provide the same encryption key provided when originally writing the object. Additionally, you must self-manage the encryption key(s) used.
See also: SSE-KMS, SSE-S3, encryption at rest, network encryption.
A method of encryption at rest that encrypts each object at the time of writing with separate keys managed by a service provider. Use keys at either the bucket level (default) or at the object level. MinIO recommends the SSE-KMS method for key management of encryption.
See also: SSE-S3, SSE-C, encryption at rest, network encryption.
A method of encryption at rest that encrypts each object at the time of writing with a single key for all objects on a deployment. A deployment uses a single external key to decrypt any object throughout the deployment.
See also: SSE-KMS, SSE-C, encryption at rest, network encryption.
MinIO’s Subscription Network tracks support tickets and provides 24 hour direct-to-engineer access for subscribed accounts.
In a distributed mode, a specific MinIO deployment. One instance of the MinIO Operator may have multiple tenants.
The hardware configuration used for a deployment. MinIO works with three topologies:
The retention of multiple iterations of an object as it changes over time.
A webhook is a method for altering the behavior of a web page or web application with a custom callback. The format is typically JSON sent as an HTTP POST request.
Write Once Read Many (WORM) is a data retention methodology that functions as part of object locking. Many requests can retrieve can view a WORM-locked object (
read many), but no write requests can change the object (