Product
MinIO Enterprise Object Store
Overview Architecture
Features
MinIO for Public Cloud
AWS GCS Azure
MinIO for Private Cloud
OpenShift SUSE Rancher Tanzu
MinIO for Baremetal
Linux and Windows
Determine your raw and usable capacity Erasure Code Calculator MinIO's Recommended Hardware Configuration Reference Hardware
Solutions
AI Storage Object storage is powering the AI revolution. Learn how MinIO is leading the AI storage market through performance at scale. Modern Datalakes Modern, multi-engine datalakes depend on object stores that deliver performance at scale. Learn more about this core MinIO use case. Hybrid Cloud Effective multi-cloud storage strategies rely on utilizing architecture and tools that can function seamlessly across diverse environments. Equinix Repatriate your data onto the cloud you control with MinIO on Equinix to lower costs while maintaining public cloud adjacency. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. Snowflake Query and analyze multiple data sources, including streaming data, residing on MinIO with the Snowflake Data Cloud. No need to move the data, just query using SnowSQL. SQL Server Discover how to pair SQL Server 2022 with MinIO to run queries on your data on any cloud - without having to move it. HDFS Migration Modernize and simplify your big data storage infrastructure with high-performance, Kubernetes-native object storage from MinIO. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions. Veeam Learn how MinIO and Veeam have partnered to drive performance and scalability for a variety of backup use cases. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Integrations Browse our vast portfolio of integrations.
Community
GitHub Join our GitHub open source community: explore, experiment, ask questions, and contribute. Slack Channel The MinIO Community Slack provides an open forum for discussing topics related to MinIO. All support is provided on a best-effort basis.
Docs Blog Resources Training Partner Pricing Download

Cloud-Native Object Storage Architectures: Single-Tenant vs Multi-Tenant

Matt Sarrel Matt Sarrel @msarrel Matt Sarrel on Cloud Native
Cloud-Native Object Storage Architectures: Single-Tenant vs Multi-Tenant

Software-defined object storage is a horizontal software play and, as a result, MinIO has customers across industries and workloads. No two deployments are the same. Customers have different requirements depending on the location (public cloud, private cloud, edge) and the use case (backup, AI/ML, data lake, IoT, analytics, artifactory).

One of the architectural questions our customers and community face is the nature of the deployment. Is MinIO going to support a single application such as Veeam backup or replace a storage appliance in order to support cloud native apps? Or is MinIO going to support a more dynamic environment with multiple applications, such as Object Storage as a Service or a Cloud Native AI/ML initiative?

Software-defined MinIO, with its flexibility and rich set of cloud-native integrations, can be deployed in single or multi-tenant modes, and this post is designed to help you determine the appropriate architecture for your deployment.

Single-Application, Single-Tenant

A relatively straightforward rule of thumb is that if you are running a single application, you can opt for a single-tenant, multi-user architecture. For example, in the aforementioned Veeam backup use case, we would recommend running a single MinIO tenant. In this case, your single-tenant could be on bare metal, virtual machines, or Kubernetes. MinIO is flexible and its efficient binary provides the best object storage performance that the underlying hardware supports.  

Replacing a NAS appliance is another example of a single application with multiple users. We always recommend that you begin your migration by exporting all the home directories from an existing NAS appliance into a single bucket on a single MinIO tenant. Then, update login scripts to mount that bucket with drive mappings, while configuring MinIO IAM and PBAC to set and enforce permissions. This result is that no one can access anyone else’s data without explicit permission, and you’ve eliminated the silo of a NAS appliance and the burden of complexity caused by the NAS home directory structure.

The key to a single-tenant, multi-user scenario is to focus on data access and file-sharing rather than on establishing and applying controls based on file and directory structure. A better way is to protect data with bucket-specific S3 access policy.

Object Storage as a Service — The Foundational Multi-Tenant Use Case

MinIO is more frequently deployed as multiple tenants on Kubernetes. This architecture provides complete isolation between tenants and efficiently scales with the number of users and applications and the amount of data stored in MinIO.

One common use case is Object Storage as a Service, providing a self-service portal for developers, DevOps, and data science teams. The mind-boggling hurdle of complexity required to build and maintain such an environment on your own is overcome by the operational efficiency of deploying the MinIO plugin and MinIO Operator on Kubernetes. MinIO Operator works on any Kubernetes distribution — Red Hat OpenShift 4.7+, VMware vSphere 7.0u1, SUSE Rancher or stock upstream. Further, MinIO will work on any public cloud provider such as Amazon Elastic Kubernetes Service, Google Kubernetes Engine, or Azure Kubernetes Service.  

Running multiple MinIO tenants is extremely efficient in a containerized architecture that is orchestrated by Kubernetes. This architecture is frequently deployed because it can be operated efficiently at scale. Massive numbers of users and applications accessing multi-petabyte object storage stretch resources — both systems and the humans who run them — to their limit. Achieving cloud-native hyperscale requires separating functions and scaling them independently as needed, and this includes object storage.

MinIO is designed for hyperscale operations, which require simplicity. Simple is predictable — when things fail you know exactly what failed and can troubleshoot it. From the beginning, enterprise cloud architects must isolate workloads, yet take a whole system approach so they know how the system should behave and how components should interact.

It is simple to create tenants either by command line or by graphical user interface. But there’s way more to object storage as a service than creating tenants. Each MinIO tenant has the full feature set available to it, is fully isolated, and separately configured. Multi-tenant with MinIO Operator is easy, repeatable, declarative, and can be updated without disruption while running each tenant in a separate namespace for security isolation. Now you have the power of hyperscale at your fingertips: Kubernetes manages the operations and configurations non-disruptively, with the tenant as the unit of scale.

Integration with other cloud-native applications and services further simplifies operations to enable object storage as a service. It couldn’t be easier to secure MinIO tenants with an external identity provider such as LDAP/Active Directory or an OpenID provider. MinIO integrates into existing infrastructure for monitoring and alerting such as Prometheus and Grafana. Tiering can be accomplished declaratively by using Kubernetes StorageClasses to allocate sets of HDD and NVMe drives depending on each tenant’s performance requirements.

Application First

As a general rule, when planning MinIO deployments, it’s more important to create buckets and security policies around applications than it is to design them around users. Each application works with its own bucket. For multiple groups and users, we recommend using an external Identity and Access Management (IAM) solution and relying on bucket-specific S3 access policy.

Single or Multi-Tenant: The Choice is Yours

The cloud-native way is to focus on microservices, applications, and frameworks. In order to be successful, you need to maintain that focus when selecting and deploying object storage. Software-defined MinIO can be deployed anywhere in single or multi-tenant configurations. Integration with external IAM and S3 access policies round out the enterprise equation.

Do you have questions about deploying MinIO to meet your requirements? Ask on Slack or send us an email at hello@min.io.

Previous Post Next Post
S3 Select Security Modern Data Lakes Apache Presto SQL Performance S3 Brand/Design Golang Programming Cloud Computing Microservices Docker AWS Kubernetes Apache Spark Open Source Benchmarks Integrations SUBNET Edge Computing Sidekick Secure-by-Design Splunk Veeam Intel Apache Nifi Immutability Software Defined Storage VMware Apache Arrow Hybrid Cloud Red Hat OpenShift Multicloud Scalability Cloud Field Day Cloud Native Apache Kafka Architect's Guide Awards Operator's Guide Security Advisory AI/ML AGPLv3 Apache Hadoop SFD Azure GCP Observability Analytics R H20 DirectPV DevOps Apache Iceberg Apache Hudi YouTube Summaries EKS Elastic Load Balancers CI/CD Object Storage Compliance opentelemetry BC/DR Storage Newsletter Predictions Best Practices Dremio New MinIO Features partners Small Files Databases DuckDB PostgreSQL Delta Lake Cloud Repatriation Python Object Lambdas Data Pipelines Cloud Operating Model Webhook ClickHouse Vector Database Events Value Engineering Change Data Capture Enterprise Object Store GitOps Case Study Equinix