This procedure downloads and installs the AIStor Server onto bare-metal hosts running Red Hat Enterprise Linux Review the Hardware and System Requirements to ensure your target infrastructure meets our guidance. You can also open a SUBNET issue to request an architecture review or assistance during deployment. MinIO strongly recommends using only RHEL releases in the Full Support lifecycle with Long-Term Support (LTS) Kernels in the 6.12 or later release series, such as RHEL 10. See Linux Kernel Requirements for recommended distributions and performance details.

This procedure provides guidance for enabling Server-Side Encryption (SSE) using MinIO KMS as the Key Management Service (KMS). Enabling SSE on an MinIO AIStor deployment automatically encrypts the backend data for that deployment using the default encryption key selected during the setup process.

MinIO AIStor implements Transport Layer Security (TLS) 1.2+ encryption with support for Server Name Indication (SNI) for selecting relevant TLS certificates in response to client requests. You must set up TLS before you can enable data encryption, also called server-side encryption. MinIO AIStor supports the following types of certificate signatures: self-signed internal or private certificate authorities (CAs) third-party CAs Multiple certificates are implemented with SNI to determine which certificate to return to a client based on the hostname in the request.

Overview MinIO AIStor supports keeping multiple “versions” of an object in a single bucket. When enabled, versioning allows MinIO AIStor to keep multiple iterations of the same object. Write operations which would normally overwrite an existing object instead result in the creation of a new version of the object. MinIO AIStor versioning protects from unintended overwrites and deletions while providing support for “undoing” a write operation. Bucket versioning is a prerequisite for configuring object locking and retention rules.

MinIO AIStor supports deploying resources onto macOS hosts for local development and evaluation. For the purposes of evaluation or local development, MinIO recommends using a machine released in the last 4 years with at least 8 GB of RAM. You can use any supported version of macOS. For testing or local development using a virtualized environment, use a machine with a higher number of cores and 16 or 32GB of RAM.

Install on Red Hat Enterprise Linux Deploy MinIO AIStor onto RHEL 10+

Configure load balancers and Ingress controllers for MinIO AIStor on Kubernetes. Includes examples for NGINX, HAProxy, and Traefik.

This page describes how to enable FIPS 140-3 ready cryptography for MinIO AIStor deployments on Kubernetes. When enabled, FIPS mode restricts cryptographic operations to algorithms that align with the Federal Information Processing Standards (FIPS) 140-3 program. Organizations subject to U.S. federal government compliance requirements, or those with similar regulatory needs, may require FIPS-aligned cryptography. MinIO AIStor FIPS mode uses Go’s native cryptographic module, which restricts operations to FIPS 140-3 approved algorithms. MinIO makes no statements or representations regarding FIPS 140-3 certification status. Evaluate whether this implementation meets your specific compliance requirements. Overview MinIO AIStor uses Go 1.24’s native FIPS 140-3 cryptographic module. Enable FIPS mode at runtime with the GODEBUG environment variable. There is no separate binary required.

MinIO AIStor supports publishing bucket notification events to a NATS service endpoint. Prerequisites The MinIO AIStor mc command line tool This procedure uses the mc command line tool for certain actions. See the mc Quickstart for installation instructions. Add a NATS endpoint to an AIStor Server The following procedure adds a new NATS service endpoint for supporting bucket notifications in an AIStor Server.

This page documents the steps necessary to remove a peer site from existing Site Replication configuration. Remove the peer site using MinIO AIStor Console In a browser, access the Console for one of the existing replicated sites.