Use the following checklist when planning the security configuration for a production, distributed AIStor Server. Required steps Step ☐ Define group policies either on AIStor or the selected 3rd party Identity Provider (LDAP/Active Directory or OpenID Connect). ☐ Define individual access policies on AIStor or the selected 3rd party Identity Provider. ☐ Configure AIStor to use the selected 3rd party Identity Provider. ☐ Grant firewall access for TCP traffic to the Object Store S3 API Listen Port (Default: 9000). ☐ Grant firewall access for TCP traffic to the AIStor Server console port (Recommended Default: 9443). Encryption-at-rest AIStor Object Store supports Server-Side Encryption using AIStor Key Manager:

AIStor Object Locking (“Object Retention”) enforces Write-Once Read-Many (WORM) immutability to protect versioned objects from deletion. AIStor supports both duration based object retention and indefinite legal hold retention. AIStor Object Locking provides key data retention compliance and meets SEC17a-4(f), FINRA 4511(C), and CFTC 1.31(c)-(d) requirements as per Cohasset Associates. Overview

The mc alias list command lists all configured aliases in the AIStor Client configuration. Syntax Example The following command lists all aliases:

Description The mc batch commands allow you to run one or more job tasks on an AIStor deployment. Subcommands mc batch includes the following subcommands:

The mc event add command adds event notification triggers to a bucket. AIStor automatically sends triggered events to the configured notification target. Syntax EXAMPLE The following command creates a new event notification trigger for all PUT and DELETE operations for the mydata bucket on the myaistor AIStor deployment:

This page documents settings for enabling external identity management using an Active Directory or LDAP service. See Configure AIStor for Authentication using Active Directory / LDAP for a tutorial on using these settings. MinIO recommends using the mc idp ldap commands for LDAP management operations. These commands offer better validation and additional features, while providing the same settings as the identity_ldap configuration key. The identity_ldap configuration settings remains available for existing scripts and other tools.

This page documents settings for configuring an Elasticsearch service as a target for Bucket Notifications. See Publish Events to Elasticsearch for a tutorial on using these settings. You can establish or modify settings by defining: an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable. a configuration setting using mc admin config set. If you define both an environment variable and the similar configuration setting, AIStor uses the environment variable value.

This page covers settings that configure the Erasure Code parity to use for objects written to the AIStor cluster. This impacts how AIStor uses the space on the drive(s) and how AIStor can recover objects stored on lost drives or similar issues. You can establish or modify settings by defining: an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable. a configuration setting using mc admin config set. If you define both an environment variable and the similar configuration setting, AIStor uses the environment variable value.

AIStor Server includes three groups of environment variables to manage how the server interacts with the AIStor Key Management Service (KMS), Key Encryption Service (KES), or static key files. You may only define one of the three sets, where defining more that one group results in errors and failure to start. Each configuration setting controls fundamental AIStor behavior and functionality. Test configuration changes in a lower environment, such as DEV or QA, before applying to production. Define any one set of these environment variables in the host system prior to starting or restarting the AIStor process. Refer to your operating system’s documentation for how to define an environment variable.

This page covers settings that control core behavior of the AIStor process. You can establish or modify settings by defining: an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable. a configuration setting using mc admin config set. If you define both an environment variable and the similar configuration setting, AIStor uses the environment variable value.