Compatibility Matrix
Exaba speaks the standard S3 API, and its compatibility is verified continuously: the S3 surface, clients, operating systems, and network fabrics below are exercised on every release against a conformance test harness. Because Exaba is S3-compatible, the broad ecosystem of S3 tools generally works against it out of the box.
This is the authoritative, source-attested matrix. Rows labelled Certified or Validated are backed by the test harness shipped with the cluster, or by the Exaba Security Design report (available under NDA). Anything not listed is simply untested, not incompatible: most tools that target the published S3 API work, and you can confirm yours by running the harness against it (see APIs: S3-compatible object API).
S3 protocol surface
| Capability | Status | Notes |
|---|---|---|
| AWS Signature Version 4 | Validated | Tested via the standard AWS SDK as the harness HTTP client. |
| Bucket operations | Validated | Create, list, delete, and bucket policy. |
| Object operations | Validated | Put, get, copy, delete, head, conditional requests. |
| Multipart upload | Validated | Including streaming uploads with flexible checksums and trailers. |
| Checksums | Validated | MD5, CRC32, CRC32C, CRC64NVME, SHA-1, SHA-256. |
| Versioning | Validated | Per the harness coverage. |
| Object Lock | Validated | Both Compliance and Governance modes. |
| Presigned URLs | Validated | Including POST forms. |
| Server-side encryption (SSE-S3, SSE-KMS) | Validated | KMS keys live in Exaba KMS, not AWS KMS. |
| SSE-C (customer-provided keys) | Unsupported | Use SSE-S3 or SSE-KMS. |
| ACLs, MFA Delete | Unsupported | Use bucket policies and IAM for access control. |
| Tagging | Validated | |
| Lifecycle rules | Roadmap | Time-based expiration and tier-transition via the standard S3 lifecycle API. |
Source: the S3 conformance test harness shipped with the cluster.
S3 clients and SDKs
| Client | Status | Notes |
|---|---|---|
| AWS SDK (any language) | Validated | The harness uses a standard AWS S3 SDK as its HTTP client. |
| Rclone | Validated | Full sync, copy, and mount workflows in routine integration testing. |
| Any client implementing the published S3 API | Expected to work | A high score against the harness indicates that any standard S3 client library or backup tool targeting the published S3 API will work without behavioural surprises. |
Clients not on this list (s3cmd, mc/MinIO Client, Cyberduck, s5cmd, Boto3 directly, etc.) are untested by Exaba rather than unsupported; most that target the published S3 API are expected to work, but Exaba has not run them through the harness.
Backup and replication products
| Product | Status | Notes |
|---|---|---|
| Veeam Backup & Replication 12 | Certified for Veeam Ready | Object Lock for ransomware-resistant backups; Capacity Tier and Performance Tier. |
| Veeam Backup & Replication 13 | Certified for Veeam Ready | Same plug-in path as Veeam 12. |
| Acronis Cyber Protect | Tested | Backup and restore exercised in Exaba’s own testing. See Acronis. |
Other backup products (Commvault, Rubrik, Cohesity, NetBackup, Bacula, Restic, Duplicati, Velero, etc.) are currently untested by Exaba. Any of them that targets the published S3 API with SigV4 is expected to work, but Exaba has not certified them. If you need a certification for one of these products, contact your account representative or complete this form.
Operating systems
| OS | Status | Notes |
|---|---|---|
| Rocky Linux 10 | Validated, FIPS-mode supported | Production target. ~98% DISA STIG benchmark compliance after Ansible hardening; deltas tracked under NDA. |
| Other RHEL-compatible distros | Untested | Not part of CI; not a production target. |
| Non-RHEL Linux (Ubuntu, Debian, SUSE, etc.) | Unsupported | The install playbooks target RHEL-family. |
FIPS-mode runtime uses a FIPS-validated cryptographic provider linked into every Exaba process. Exaba is FIPS-aware (it detects and runs cleanly under a FIPS-mode kernel) but is not itself FIPS-certified.
Architectures
| Architecture | Status |
|---|---|
| x86_64 | Validated |
| ARM | Tested |
| Power | Tested |
Hardware
| Profile | Status | Reference platform |
|---|---|---|
| Performance / NVMe-only | Reference architecture | Dual-socket x86, 256 GB+ ECC RAM, all-NVMe data with dedicated NVMe metadata drives, 100/200 GbE with RoCE. |
| Edge / evaluation | Reference architecture | Single- or dual-socket x86, 64 GB+ RAM, SATA/SAS bulk data with NVMe metadata, 10/25 GbE. |
Other hardware is deployable (Exaba’s hardware abstraction is deliberately conservative), but only the two profiles above are validated in CI. For a hardware variant you want certified, engage Exaba for a sizing review before placing an order. See Hardware Sizing.
Network fabrics
| Fabric | Status | Notes |
|---|---|---|
| Ethernet (10/25/100/200 GbE) | Validated | Standard data-plane fabric. |
| RoCEv2 | Validated | SPDK NVMf RDMA transport. |
| iWARP | Validated | SPDK NVMf RDMA transport. |
| TCP (no RDMA) | Validated | SPDK NVMf TCP transport for sites without RDMA fabric. |
InfiniBand is not supported. Exaba’s RDMA transport targets RoCEv2 and iWARP over Ethernet, not InfiniBand.
Identity providers
| Flow | Status | Notes |
|---|---|---|
| Local accounts | Validated | Default for clusters without an external IdP. |
| OAuth 2 / OIDC | Supported | Federated console SSO with Google and Microsoft. |
| TOTP MFA | Validated | Used for privileged operator workflows including support SSH. |
Reading this matrix
- Certified: a third party has issued a certification.
- Validated: Exaba’s CI or harness exercises this on every release.
- Tested: exercised in Exaba’s own testing, without a formal third-party certification.
- Reference architecture: the validated configuration in the Reference Architecture PDF.
- Supported: implemented, with documentation; may not be in every-release CI.
- Untested: Exaba has not tested it. Most S3-compliant tooling works regardless; run the harness against your candidate stack to confirm.
- Unsupported: Exaba does not support this configuration; an install attempt may proceed but is outside the supported envelope.