This section documents steps for installing and managing AIStor Server on macOS™ host machines. Procedure Install AIStor Server onto the macOS host The easiest way to install AIStor Server on macOS is using Homebrew.

Create and manage users and groups directly in AIStor. Configure built-in identity management alone or together with external identity providers.

AIStor implements Transport Layer Security (TLS) 1.2+ encryption with support for Server Name Indication (SNI) for selecting relevant TLS certificates in response to client requests. You must set up TLS before you can enable data encryption, also called server-side encryption. AIStor supports the following types of certificate signatures: self-signed internal or private certificate authorities (CAs) third-party CAs Multiple certificates are implemented with SNI to determine which certificate to return to a client based on the hostname in the request.

Configure identity providers for AIStor including built-in users, OpenID Connect, Active Directory/LDAP, and plugins for external solutions.

AIStor Server publishes its server logs to the system console. These logs can include errors, information output, or other information useful during troubleshooting or debugging. Server logs do not emit for all operations and cannot support audit trail or similar compliance requirements. If you require such a trail, configure and use audit logging instead. You can read the server logs using any of the following methods: Run journalctl -u minio from any host machine. Run mc admin logs against the AIStor deployment. Publish server logs to HTTP webhook AIStor supports publishing logs to a webhook consumer through an HTTP PUT operation, where the body of the request is the log as a JSON document.

Use AIStor Object Lifecycle Management to create rules for time or date based automatic transition or expiry of objects. For object transition, AIStor automatically moves the object to a configured remote storage tier. For object expiry, AIStor automatically deletes the object. AIStor derives its behavior and syntax from S3 lifecycle for compatibility in migrating workloads and lifecycle rules from S3 to AIStor. For example, you can export S3 lifecycle management rules and import them into AIStor or vice-versa. AIStor uses JSON to describe lifecycle management rules and may require conversion to or from XML as part of importing S3 lifecycle rules.

The AIStor Access Management Plugin provides a REST interface for offloading authorization through a webhook service. AIStor sends the request and credential details for every API call to the configured external HTTP(S) endpoint and looks for a response of ALLOW or DENY. AIStor can therefore delegate the access management to the external system instead of relying on S3 policy based access control. Configuration settings You can configure the AIStor External Access Management Plugin using the following environment variables or configuration settings.

This section provides documentation for administering AIStor Object Store deployments. Use this documentation to configure identity and access management, manage objects and buckets, set up replication, and configure the features that control how your deployment operates. AIStor requires authentication for every operation and uses policy-based access control to define authorized actions. Use AIStor’s Identity and Access Management (IAM) controls to manage who can access your deployment and what they can do, whether you use the built-in identity manager or integrate with external providers like OpenID Connect (OIDC) or Active Directory/LDAP.

AIStor supports publishing an audit log of all operations to a remote receiver. The audit logging feature meets security and compliance requirements around granular tracking of operations within an AIStor deployment. AIStor does not by default publish audit logs to any destination. Audit logs can contain private and internal details such as hostnames, IP addresses, and object names. The remote receiver takes responsibility for processing, storing, and securing all incoming audit logs.

The mc admin accesskey ls command lists users, access keys, or temporary security token service keys managed by the AIStor deployment. You can use mc admin accesskey ls as an alias to this command. Syntax Example The following command lists all access keys associated to the user with username admin1 on the deployment at alias myaistor: