Reference Architecture: Building On-Premises Object Storage for Enterprise Workloads

As enterprises face exponential growth in unstructured data—from backups and logs to media and analytics—the need for scalable, reliable, and cost-effective storage becomes critical. Object storage has become the architecture of choice for modern data workloads, particularly in on-premises environments where control, compliance, and cost predictability are key.
This guide outlines the core architectural components and recommended hardware to build a production-ready object storage system on-premises.

Below are the key building blocks of a resilient object storage architecture:

1. Storage Backend (Data Plane)

The foundation of the system — responsible for storing object data and metadata reliably.

Responsibilities:

  • Store and retrieve object content.
  • Ensure durability through replication (multiple full copies across nodes) or erasure coding.
  • Handle failure recovery and rebalancing.
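The durability choice above drives raw-capacity sizing, so it is worth quantifying. A minimal sketch (plain Python; the 3x and 8+3 schemes are illustrative examples, not a recommendation) compares the storage efficiency of full replication against erasure coding:

```python
def replication_efficiency(copies: int) -> float:
    """Usable fraction of raw capacity with full-copy replication."""
    return 1.0 / copies

def erasure_coding_efficiency(data_shards: int, parity_shards: int) -> float:
    """Usable fraction of raw capacity with k data + m parity shards."""
    return data_shards / (data_shards + parity_shards)

# 3x replication: three full copies, tolerates loss of two copies.
rep = replication_efficiency(3)

# 8+3 erasure coding: tolerates loss of any three shards.
ec = erasure_coding_efficiency(8, 3)

print(f"3x replication : {rep:.1%} of raw capacity is usable")
print(f"8+3 erasure    : {ec:.1%} of raw capacity is usable")
```

Erasure coding roughly doubles usable capacity here at similar failure tolerance, at the cost of more CPU and inter-node traffic during reads and recovery.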

Hardware Recommendations (typical starting points):

  • Storage Nodes: 3–100+ nodes, depending on capacity and durability model
  • Drives: SATA/SAS HDDs for capacity; SSDs for metadata/journal
  • Disk Layout: 12–36 drives per node; JBOD preferred
  • Network: dual 10/25 GbE NICs per node (separate storage/public)
  • CPU: 8–16 cores per node
  • Memory: 64–128 GB per node

2. Object Storage Service Gateway (API Layer)

The stateless service that exposes the S3-compatible API to users and applications.

Responsibilities:

  • Handle object PUT/GET/DELETE requests.
  • Authenticate users and enforce access policies.
  • Translate API calls into storage backend operations.

Design Principles:

  • Stateless — can be scaled horizontally.
  • Deployed as separate services on dedicated nodes or shared infrastructure.
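To illustrate the translation step, here is a minimal sketch (plain Python; the function name, hostname, and operation names are hypothetical, not from any particular gateway) that maps a path-style S3 request onto a backend operation:

```python
from urllib.parse import urlparse

def parse_s3_request(method: str, url: str) -> dict:
    """Map a path-style S3 request (e.g. PUT /bucket/key) to a backend op."""
    path = urlparse(url).path.strip("/")
    bucket, _, key = path.partition("/")
    op = {"PUT": "write_object", "GET": "read_object",
          "DELETE": "delete_object"}.get(method)
    if op is None:
        raise ValueError(f"unsupported method: {method}")
    return {"op": op, "bucket": bucket, "key": key}

req = parse_s3_request("PUT", "https://s3.example.internal/backups/db/2024.tar")
# req == {"op": "write_object", "bucket": "backups", "key": "db/2024.tar"}
```

Because no request state survives the call, any gateway node can serve any request, which is what makes horizontal scaling behind a load balancer straightforward.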

Hardware Recommendations:

  • Gateway Nodes: 2–4+ nodes (scale with traffic)
  • CPU: 8+ cores
  • Memory: 32–64 GB
  • Network: 10/25 GbE NICs
  • Storage: local SSDs (optional; for logs/caching)

3. Load Balancers (Access Distribution Layer)

Front-end layer that handles inbound client traffic and distributes it across multiple gateway nodes.

Responsibilities:

  • Perform load balancing, health checks, and optional TLS termination.
  • Route traffic to healthy API nodes.
  • Ensure high availability at the network edge.

Options:

  • HAProxy, Nginx, Envoy, or hardware appliances (e.g., F5).
  • DNS round-robin or VIP failover (Keepalived/VRRP) for redundancy.
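As a concrete example, a minimal HAProxy configuration for this layer might look like the following sketch (addresses, ports, certificate path, and the /health check endpoint are illustrative assumptions; adjust timeouts and TLS settings for your environment):

```
frontend s3_frontend
    bind *:443 ssl crt /etc/haproxy/certs/s3.pem
    mode http
    default_backend s3_gateways

backend s3_gateways
    mode http
    balance roundrobin
    option httpchk GET /health
    server gw1 10.0.1.11:8080 check
    server gw2 10.0.1.12:8080 check
```

TLS terminates at the load balancer here; gateway nodes that fail their health check are removed from rotation automatically.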

Hardware Recommendations:

  • LB Nodes: at least 2 for HA; more to scale with traffic
  • CPU: 4–8 cores
  • Memory: 16–32 GB
  • Network: dual 10 GbE NICs

4. Control Plane (Cluster Management)

Manages cluster health, configuration, orchestration, and monitoring.

Responsibilities:

  • Coordinate storage and gateway services.
  • Monitor health and metrics.
  • Provide dashboards, CLI/API access, and alerting.

Components:

  • Cluster managers (e.g., monitor daemons)
  • Dashboard and admin services
  • Optionally integrates with orchestration tools (K8s, Ansible, etc.)

Hardware Recommendations:

  • Controller Nodes: 3 nodes (for quorum/high availability)
  • CPU: 4–8 cores
  • Memory: 16–32 GB
  • Storage: SSDs (OS and logs)
  • Network: 1–10 GbE
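The three-controller-node recommendation follows from majority-quorum math: a cluster of n voting members stays available only while a majority (⌊n/2⌋ + 1) is up. A quick sketch (plain Python):

```python
def quorum(n: int) -> int:
    """Smallest majority of n voting members."""
    return n // 2 + 1

def failures_tolerated(n: int) -> int:
    """Members that can fail while a majority survives."""
    return n - quorum(n)

for n in (1, 2, 3, 5):
    print(f"{n} nodes: quorum={quorum(n)}, "
          f"tolerates {failures_tolerated(n)} failure(s)")
```

Three nodes tolerate one failure while two tolerate none, which is why even-sized control planes add cost without adding availability.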

5. Networking Layer

A robust, redundant network fabric is essential for both internal data replication and client access.

Best Practices:

  • Use separate VLANs or interfaces for internal storage and client/API traffic.
  • Redundant switches and bonded NICs.
  • For erasure-coded pools, plan for heavy inter-node traffic during recovery; provision both low latency and ample bandwidth on the storage network.

Network Fabric Guidance (minimum per-node specs):

  • Storage: 10 GbE (recommended) or higher
  • Client/API: 10 GbE (or 1 GbE if low-volume)
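A rough recovery-time estimate helps justify these figures. The sketch below (plain Python; the 18 TB drive size and 50% efficiency factor are illustrative assumptions) estimates how long it takes to re-protect the data on one failed drive over the bandwidth available for recovery:

```python
def rebuild_hours(drive_tb: float, recovery_gbps: float,
                  efficiency: float = 0.5) -> float:
    """Hours to re-protect one failed drive.

    drive_tb      -- capacity of the failed drive, in terabytes
    recovery_gbps -- network bandwidth available for recovery, in Gbit/s
    efficiency    -- fraction of that bandwidth recovery actually achieves
    """
    bits = drive_tb * 1e12 * 8                 # drive capacity in bits
    rate = recovery_gbps * 1e9 * efficiency    # effective recovery rate, bit/s
    return bits / rate / 3600

# One 18 TB drive over 10 Gbit/s at 50% efficiency:
print(f"{rebuild_hours(18, 10):.1f} hours")   # prints "8.0 hours"
```

An eight-hour rebuild window on 10 GbE (versus days on 1 GbE) is a common reason to treat 10 GbE as the floor for the storage fabric.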