Replication
Versioning
Observability
Encryption
Key Management Server
S3 Compatibility
Object Immutability
Catalog
Object Prompt
Identity + Access Mgt
Firewall
AIHub
Lifecycle
Cache
Events and Lambdas
Console
Erasure Code Calculator
Reference Hardware
Integrations with MinIO
Download MinIO Object Store
Events
How to Use Nginx, LetsEncrypt and Certbot for Secure Access to MinIO
Learn how to secure, load balance and scale your MinIO instances with Nginx, LetsEncrypt and Certbot.
Read more...
MinIO Network Encryption - It's All Good
Encrypting network traffic is low-hanging fruit when securing IT infrastructure. MinIO follows a pragmatic approach when it comes to TLS. It has to be secure, it has to be performant and it has to be simple. Things that matter In almost all cases, there are just a couple of things we need to take into consideration: * The TLS version. * The
Read more...Backing up LXD Instances with LXMIN
LXD is a next generation system container and virtual machine manager for Linux systems from Canonical Ltd. LXD lets you manage your containers with a simple command line tool or via a REST API. LXMIN (lex-min) is a simple backup and restore tool for LXD instances (containers or virtual machines) using MinIO object storage. It provides both a command line
Read more...Erasure Coding 101
Learn how Reed-Solomon erasure coding provides data protection for distributed object storage at scale.
Read more...Secure Multi-tenant Object Storage for Internal and External Apps
Learn how to add external TLS certificates to MinIO tenants and access them using SNI.
Read more...Ransomware in 2022: Protect Your Backups
In 2022, every business must take precautions to protect against the serious threat of ransomware. In 2020 and 2021, we saw an increase in the number and severity of ransomware attacks, and 2022 promises to continue this fearsome trend. According to BlackFog [https://www.blackfog.com/2021-ransomware-attack-report/], in 2021 there was a record total of 292 reported ransomware attacks. Of
Read more...Decommissioning Server Pools with mc admin decommission
Decommissioning hardware is an important component of the storage lifecycle - and MinIO has you covered.
Read more...How to Secure MinIO - Part 1
Learn how to secure data in transit, data at-rest and establish role-based access control policies in the first of a series of blog posts about securing MinIO.
Read more...Data Authenticity and Integrity in MinIO
An overview of erasure coding, BitRot protection, encryption, immutability and versioning.
Read more...Securing Hybrid Cloud Object Storage with MinIO IAM
Learn how MinIO uses identity access management to protect objects stored across clouds.
Read more...The Raccoon Attack - It Is All About The Timing
Two days ago, on Sep. 08, research teams from Germany and Israel published a joint research paper [https://raccoon-attack.com/RacoonAttack.pdf] describing another TLS timing attack - called Raccoon. This attack targets all TLS versions up to 1.2. The new attack [https://raccoon-attack.com/] exploits a timing side-channel during the TLS handshake when the Diffie-Hellman (DH) key exchange
Read more...Object Locking, Versioning, Holds and Modes in MinIO
MinIO supports a complete object locking framework offering both Legal Hold and Retention (with Governance and Compliance modes). Object Locking functionality is a requirement for many regulated industries from financial services to healthcare. Lifecycle management is an increasingly critical element in the data ecosystem. Data is the primary asset in most organizations at this point - more so than the
Read more...Introducing KES - Key Management at Scale
KES is a stateless and distributed key-management system for high-performance applications. We built KES as the bridge between modern applications - running as containers on Kubernetes - and centralized KMS solutions. Therefore, KES has been designed to be simple, scalable and secure by default.
Read more...Open Source = Bombproof
Software isn't usually described as bombproof. Particularly the type of software that is responsible for large analytic jobs or machine learning workloads. The words “finicky”, “complex” or in the case of good marketing “professional grade” (meaning you need years of study and multiple certifications) are more common. Bombproof software, however, is one of the many benefits associated with
Read more...C^E — Compression⊕Encryption
Understanding compression and the risks it presents in the compression-ratio side channel.
Read more...Security Advisory
Fixed possibility of authentication bypass against MinIO server Admin API
Read more...Go implementation of Data At Rest Encryption
Introduction Encrypting network traffic is becoming the default. There are standardized protocols like SSH and TLS as well as projects like Let’s Encrypt to protect data sent over the network. TLS for example takes a data stream, chunks the stream into messages and encrypts every message before sending it through the network. TLS ensures that each message is encrypted
Read more...Enterprise-Grade Cloud Storage with NGINX Plus and MinIO
In this post, I explain how to use NGINX and NGINX Plus as a reverse proxy and load balancer for MinIO servers.
Read more...