Compatibility Matrix

Exaba speaks the standard S3 API, and its compatibility is verified continuously: the S3 surface, clients, operating systems, and network fabrics below are exercised on every release against a conformance test harness. Because Exaba is S3-compatible, the broad ecosystem of S3 tools generally works against it out of the box.

This is the authoritative, source-attested matrix. Rows labelled Certified or Validated are backed by the test harness shipped with the cluster, or by the Exaba Security Design report (available under NDA). Anything not listed is simply untested, not incompatible: most tools that target the published S3 API work, and you can confirm yours by running the harness against it (see APIs: S3-compatible object API).

S3 protocol surface

CapabilityStatusNotes
AWS Signature Version 4ValidatedTested via the standard AWS SDK as the harness HTTP client.
Bucket operationsValidatedCreate, list, delete, and bucket policy.
Object operationsValidatedPut, get, copy, delete, head, conditional requests.
Multipart uploadValidatedIncluding streaming uploads with flexible checksums and trailers.
ChecksumsValidatedMD5, CRC32, CRC32C, CRC64NVME, SHA-1, SHA-256.
VersioningValidatedPer the harness coverage.
Object LockValidatedBoth Compliance and Governance modes.
Presigned URLsValidatedIncluding POST forms.
Server-side encryption (SSE-S3, SSE-KMS)ValidatedKMS keys live in Exaba KMS, not AWS KMS.
SSE-C (customer-provided keys)UnsupportedUse SSE-S3 or SSE-KMS.
ACLs, MFA DeleteUnsupportedUse bucket policies and IAM for access control.
TaggingValidated
Lifecycle rulesRoadmapTime-based expiration and tier-transition via the standard S3 lifecycle API

Source: the S3 conformance test harness shipped with the cluster.

S3 clients and SDKs

ClientStatusNotes
AWS SDK (any language)ValidatedThe harness uses a standard AWS S3 SDK as its HTTP client.
RcloneValidatedFull sync, copy, and mount workflows in routine integration testing.
Any client implementing the published S3 APIExpected to workA high score against the harness indicates any standard S3 client library or backup tool that targets the published S3 API will work without behavioural surprises.

Clients not on this list (s3cmd, mc/MinIO Client, Cyberduck, s5cmd, Boto3 directly, etc.) are untested by Exaba rather than unsupported; most that target the published S3 API are expected to work, but Exaba has not run them through the harness.

Backup and replication products

ProductStatusNotes
Veeam Backup & Replication 12Certified for Veeam ReadyObject Lock for ransomware-resistant backups; Capacity Tier and Performance Tier.
Veeam Backup & Replication 13Certified for Veeam ReadySame plug-in path as Veeam 12.
Acronis Cyber ProtectTestedBackup and restore exercised in Exaba’s own testing. See Acronis.

Other backup products (Commvault, Rubrik, Cohesity, NetBackup, Bacula, Restic, Duplicati, Velero, etc.) are currently untested by Exaba. Any of them that targets the published S3 API with SigV4 is expected to work, but Exaba has not certified them. If you need a certification for one of these products, contact your account representative or by completing this form.

Operating systems

OSStatusNotes
Rocky Linux 10Validated, FIPS-mode supportedProduction target. ~98% DISA STIG benchmark compliance after Ansible hardening; deltas tracked under NDA.
Other RHEL-compatible distrosUntestedNot part of CI; not a production target.
Non-RHEL Linux (Ubuntu, Debian, SUSE, etc.)UnsupportedThe install playbooks target RHEL-family.

FIPS-mode runtime uses a FIPS-validated cryptographic provider linked into every Exaba process. Exaba is FIPS-aware (it detects and runs cleanly under a FIPS-mode kernel) but is not itself FIPS-certified.

Architectures

ArchitectureStatus
x86_64Validated
ARMTested
PowerTested

Hardware

ProfileStatusReference platform
Performance / NVMe-onlyReference architectureDual-socket x86, 256 GB+ ECC RAM, all-NVMe data with dedicated NVMe metadata drives, 100/200 GbE with RoCE.
Edge / evaluationReference architectureSingle- or dual-socket x86, 64 GB+ RAM, SATA/SAS bulk data with NVMe metadata, 10/25 GbE.

Other hardware is deployable (Exaba’s hardware abstraction is deliberately conservative), but only the two profiles above are validated in CI. For a hardware variant you want certified, engage Exaba for a sizing review before placing an order. See Hardware Sizing.

Network fabrics

FabricStatusNotes
Ethernet (10/25/100/200 GbE)ValidatedStandard data-plane fabric.
RoCEv2ValidatedSPDK NVMf RDMA transport.
iWARPValidatedSPDK NVMf RDMA transport.
TCP (no RDMA)ValidatedSPDK NVMf TCP transport for sites without RDMA fabric.

InfiniBand is not supported. Exaba’s RDMA transport targets RoCEv2 and iWARP over Ethernet, not InfiniBand.

Identity providers

FlowStatusNotes
Local accountsValidatedDefault for clusters without an external IdP.
OAuth 2 / OIDCSupportedFederated console SSO with Google and Microsoft.
TOTP MFAValidatedUsed for privileged operator workflows including support SSH.

Reading this matrix

  • Certified: a third party has issued a certification.
  • Validated: Exaba’s CI or harness exercises this on every release.
  • Tested: exercised in Exaba’s own testing, without a formal third-party certification.
  • Reference architecture: the validated configuration in the Reference Architecture PDF.
  • Supported: implemented, with documentation; may not be in every-release CI.
  • Untested: Exaba has not tested it. Most S3-compliant tooling works regardless; run the harness against your candidate stack to confirm.
  • Unsupported: Exaba does not support this configuration; an install attempt may proceed but is outside the supported envelope.