Objects and Versioning
An object is binary data, such as images, audio files, spreadsheets, or even binary executable code. The term “Binary Large Object” or “blob” is sometimes associated to object storage, although blobs can be anywhere from a few bytes to several terabytes in size. Object Storage platforms like AIStor provide dedicated tools and capabilities for storing, listing, and retrieving objects using a standard S3-compatible API.
AIStor Object Storage uses buckets to organize objects.
A bucket is similar to a top-level drive, folder, or directory in a filesystem (/mnt/data or C:\), where each bucket can hold an arbitrary number of objects.
The structure of objects on the Object Store might look similar to the following:
/ #root
/images/
   2020-01-02-MinIO-Diagram.png
   2020-01-03-MinIO-Advanced-Deployment.png
   MinIO-Logo.png
/videos/
   2020-01-04-MinIO-Interview.mp4
/articles/
   /john.doe/
      2020-01-02-MinIO-Object-Storage.md
      2020-01-02-MinIO-Object-Storage-comments.json
   /jane.doe/
      2020-01-03-MinIO-Advanced-Deployment.png
      2020-01-02-MinIO-Advanced-Deployment-comments.json
      2020-01-04-MinIO-Interview.md
With the example structure, an administrator would create the /images, /videos and /articles buckets.
Client applications write objects to those buckets using the full “path” to that object, including all intermediate prefixes.
AIStor supports multiple levels of nested directories and objects using prefixes to support even the most dynamic object storage workloads.
AIStor automatically infers the intermediate prefixes, such as /articles/john.doe from the full object path using / as a delimiter.
Clients and administrators should not create these prefixes manually.
Neither clients nor administrators need to manually create the intermediate prefixes, as AIStor automatically infers them from the object name.
Path vs virtual host bucket access
AIStor supports both path-style (default) or virtual-host bucket lookups.
For example, consider an AIStor deployment with an assigned Fully Qualified Domain Name (FQDN) of aistor.example.net:
- With path-style lookups, applications specify the full path to a bucket, such as aistor.example.net/mybucket.
- With virtual-host lookups, applications specify the bucket as a subdomain, such as mybucket.aistor.example.net/.
Some applications may require or expect virtual-host lookup support when performing S3 operations against AIStor.
To enable virtual-host bucket lookup, you must set the MINIO_DOMAIN environment variable to a  that resolves to the AIStor Deployment.
If you configure MINIO_DOMAIN, you must consider all subdomains of the specified FQDN as exclusively assigned for use as bucket names.
Any AIStor services which conflict with those domains, such as replication targets, may exhibit unexpected or undesired behavior as a result of the collision.
For example, if setting MINIO_DOMAIN=aistor.example.net, you cannot assign any subdomains of aistor.example.net (in the form of *.aistor.example.net) to any AIStor service or target.
This includes hostnames for use with bucket, batch, or site replication.
For deployments with TLS enabled, you must ensure your TLS certificate SANs cover all subdomains of the leftmost domain specified to MINIO_DOMAIN.
For example, the example of MINIO_DOMAIN=aistor.example.net requires a TLS SAN that covers the subdomains of aistor.example.net.
You can set an additional TLS SAN of *.aistor.example.net to appropriately cover the subdomain namespace.
TLS Wildcard rules prevent chaining to additional subdomain levels, such that a TLS certificate with a wildcard SAN of *.example.net would not cover the virtual host lookups at *.aistor.example.net.
Object organization and planning
Administrators typically control the creation and configuration of buckets. Client applications can then use S3-compatible SDKs to create, list, retrieve, and delete objects on the AIStor deployment. Clients therefore drive the overall hierarchy of data within a given bucket or prefix, where Administrators can exercise control using policies to grant or deny access to an action or resource.
AIStor has no hard thresholds on the number of buckets, objects, or prefixes on a given deployment. The relative performance of the hardware and networking underlying the AIStor deployment may create a practical limit to the number of objects in a given prefix or bucket. Specifically, hardware using slower drives or network infrastructures tend to exhibit poor performance in buckets or prefixes with a flat hierarchy of objects. For other considerations, thresholds, or limitations to keep in mind, see Thresholds and Limits.
Consider the following points as general guidance for client applications workload patterns:
- Deployments with modest or budget-focused hardware should architect their workloads to target 10,000 objects per prefix as a baseline. Increase this target based on benchmarking and monitoring of real world workloads up to what the hardware can meaningfully handle.
- Deployments with high-performance or enterprise-grade [hardware](#/reference/aistor-server/checklists/hardware#deploy-minio-distributed-recommendations" %}}) can typically handle prefixes with millions of objects or more.
AIStor customers utilize yearly architecture reviews as part of the deployment and maintenance strategy to ensure long-term performance and success of your AIStor-dependent projects.
For a deeper discussion on the benefits of limiting prefix contents, see the article on optimizing S3 performance.
\ or : characters in object names, regardless of support for those characters in Windows filesystems.
Use / as a delimiter in object names to have AIStor automatically create a folder structure using prefixes.
	Object versioning
The specific client behavior on write, list, get, or delete operations on a bucket depends on the versioning state of that bucket:
| Operation | Versioning Enabled | Versioning Disabled or Suspended | 
|---|---|---|
| PUT(Write) | Create a new full version of the object as the “latest” and assign a unique version ID | Create the object with overwrite on namespace match. | 
| GET(Read) | Retrieve the latest version of the object by default Supports retrieving retrieving any object version by version ID. | Retrieve the object. | 
| LIST(Read) | Retrieve the latest version of objects at the specified bucket or prefix Supports retrieving all objects with their associated version ID. | Retrieve all objects at the specified bucket or prefix | 
| DELETE(Write) | Creates a 0-byte “Delete Marker” for the object as “latest” (soft delete) Supports deleting any object version by version ID (hard delete). You cannot undo hard-delete operations. Refer to Object Deletion for more information. | Deletes the object | 
See Bucket Versioning for more complete documentation.
Object tagging
AIStor supports adding custom tags to an object.
A tag is a key-value pair included in the metadata of an object.
Tags can be used to control access with policies or locate an object with mc find --tags.
AIStor supports adding up to 10 custom tags to an object.
For more on setting tags, refer to mc tag set.
Object retention
AIStor Object Locking (“Object Retention”) enforces Write-Once Read-Many (WORM) immutability to protect versioned objects from deletion. AIStor supports both duration based object retention and indefinite legal hold retention.
Delete operations against a WORM-locked object depend on the specific operation:
- Delete operations which do not specify a version ID result in the creation of a “Delete Marker”
- Delete operations which specify the version ID of a locked object result in a WORM locking error
You can only enable object locking when first creating a bucket. Enabling bucket locking also enables versioning.
AIStor Object Locking provides key data retention compliance and meets SEC17a-4(f), FINRA 4511(C), and CFTC 1.31(c)-(d) requirements as per Cohasset Associates.
See AIStor Object Locking and Object Deletion for more complete documentation.
Object lifecycle management
AIStor Object Lifecycle Management allows creating rules for time or date based automatic transition or expiry of objects. For object transition, AIStor automatically moves the object to a configured remote storage tier. For object expiry, AIStor automatically deletes the object.
AIStor applies lifecycle management rules on versioned and unversioned buckets using the same behavior as normal client operations. You can specify transition or lifecycle rules that handle the latest object versions, non-current object versions, or both.
AIStor lifecycle management is built for behavior and syntax compatibility with AWS S3 Lifecycle Management. AIStor uses JSON to describe lifecycle management rules. Conversion to or from XML may be required for importing rules created on S3 or similar compatible platforms.
See Object Lifecycle Management for more complete documentation.
Target bucket considerations
AIStor does not require that the target bucket match object management or versioning configurations with the source bucket. The target bucket may have its own set of object management rules, if defined with care.
Target buckets should not have their own rules for expiration or additional tiering. Expiration rules can result in removal of tiered data still in use by the source bucket. Tiering to an additional remote creates an additional network hop between the hot tier and it’s data while also increasing operational complexity.
You may configure object locking or versioning on the remote bucket.
Enabling versioning or object locking on the target bucket may have effects such as the following:
- Object locking set on the target bucket may prevent desired deleteoperations from the source bucket from completing.
- AIStor tiers objects with their own UUID, so versioning on the target bucket is redundant at best.
- Reduced storage efficiency on the target, as deleteoperations result in creation of aDeleteMarkerrather than freeing space.
- Duplicate delete markers on source and target buckets.
Exclusive access to remote data
AIStor must have exclusive access to the target bucket. No other user, process, application, or resource should have any access to or perform any actions against the target bucket.
All access to the transitioned objects must occur through AIStor via S3 API operations only. Manually modifying a transitioned object - whether the metadata on the “hot” AIStor tier or the object data on the remote “warm/cold” tier - may result in loss of that object data.
AIStor ignores any objects in the remote bucket or bucket prefix not explicitly managed by the AIStor deployment. Automatic transition and transparent object retrieval depend on the following assumptions:
- No external mutation, migration, or deletion of objects on the remote storage.
- No lifecycle management rules (such as transition or expiration) on the remote storage bucket.
To facilitate this exclusive access, grant the lifecycle management user read, write, and delete access to the target bucket in its policy.
All other policies should deny access to the target bucket.
Conflicting Objects
Applications must assign non-conflicting, unique keys for all objects. This includes avoiding creating objects where the name can collide with that of a parent or sibling object. MinIO returns an empty set for LIST operations at the location of the collision.
For example, the following operations create a namespace conflicts
   PUT data/invoices/2024/january/vendors.csv
   PUT data/invoices/2024/january <- collides with existing object prefix
   PUT data/invoices/2024/january
   PUT data/invoices/2024/january/vendors.csv <- collides with existing object
While you can perform GET or HEAD operations against these objects, the name collision causes LIST operations to return an empty result set at the /invoices/2024/january path.