What is DS3 Composer?
Introduction
DS3 Composer is a software-defined storage platform that lets you deploy and manage your own S3-compatible distributed cloud storage (DS3) in minutes — with complete control over your data, infrastructure, and costs.
-
Geo-distributed by design: DS3 encrypts, fragments, and replicates data across geographically distributed nodes. This ensures high durability and service continuity even during outages or site failures. You can define geofencing rules (e.g., limit storage to specific cities or regions) to enforce data residency, comply with national regulations, and meet standards such as GDPR or ISO.
-
Built for multi-tenancy: DS3 supports native multi-tenancy. Each Tenant is isolated and managed independently, with its own users, access policies, configurations, and storage resources — ideal for MSPs, enterprises, or any environment with multiple domains.
-
Zero-knowledge encryption: DS3 Composer offers an optional zero-knowledge mode in which even administrators cannot access user data. Encryption keys remain client-side, ensuring maximum data privacy and compliance with strict confidentiality requirements.
The Role of the Coordinator
Cubbit DS3 Composer is an orchestration system built around a control plane called the Coordinator. The Coordinator handles core orchestration tasks such as:
- Managing authentication and access policies
- Simplifying the deployment and configuration of the DS3 system components
The Coordinator can be deployed in two modes:
- Managed: Cubbit hosts and operates the Coordinator. Users can orchestrate their infrastructure in a SaaS-like experience with no setup overhead.
- Self-hosted: The Coordinator is installed and managed by the user (under license), offering maximum control, data privacy, and sovereignty — ideal for sensitive or air-gapped environments.
Once deployed, the Coordinator exposes a comprehensive set of APIs and a user-friendly dashboard for configuring and managing your DS3 infrastructure end-to-end. The managed version of the Coordinator is available at composer.cubbit.eu.
What is an Operator?
An Operator is a DS3 Composer user with administrative privileges over the platform. Operators act as system administrators or delegated super-users, depending on their assigned role and permissions.
Operators can:
- Create and manage Tenants: isolated domains within the platform, each with its own users, policies, and storage resources.
- Create and manage Swarms: logical groupings of storage nodes that power the DS3 backend.
- Configure system-wide settings: including authentication policies, geo-fencing, data redundancy levels, and more.
- Monitor platform usage: via built-in analytics, logs, and performance reports.
- Delegate access: by assigning roles with fine-grained permissions (e.g., read-only access to reports, or complete control over a specific Tenant or Swarm).
Operators are the primary interface between the infrastructure and its users. Whether running in a managed or self-hosted environment, they define how resources are structured, secured, and consumed.
What is a Tenant?
A Tenant in DS3 Composer is a logically isolated domain that groups users, projects, resources, and policies together. It provides a dedicated workspace — including a separate UI and supporting services — for managing object storage in a multi-tenant environment.
Each Tenant includes:
- Users: With scoped roles and permissions defined within the Tenant boundary.
- Projects and buckets: Logical containers for organizing and storing data.
- Custom policies: Including access control, usage quotas, and encryption rules.
Tenants are created and managed by Operators, who can define any number of them to serve different teams, business units, clients, or use cases. This structure benefits Managed Service Providers (MSPs), enterprises with multiple departments, or any scenario requiring isolation, governance, and delegated management. Tenants operate independently from each other, ensuring data and administrative isolation while still being orchestrated under a single Coordinator.
What is a Swarm?
A Swarm is a logical grouping of storage nodes that work together as a unified, distributed object storage system. Within a Swarm, data is encrypted, broken into shards, and distributed across nodes based on configurable replication and redundancy policies.
Swarms are highly flexible in topology — from single-site deployments to complex multi-site and geo-distributed architectures. This allows for:
- High durability and availability, even in environments with limited infrastructure
- Data locality and compliance, through customizable geo-distribution
- Scalability, by adding nodes incrementally without system downtime
Operators manually connect nodes—physical or virtual—to the system, which can be distributed across multiple data centers or regions. The Swarm expands seamlessly as new nodes are added, ensuring consistent performance and uninterrupted service.
What is a DS3 Gateway?
A DS3 Gateway is the access point to the DS3 storage system. It exposes an S3-compatible API to external applications and services, enabling seamless integration with standard object storage tools and workflows.
Gateways can be deployed on physical or virtual servers in private infrastructure or public cloud environments. Each gateway is composed of several key components:
- S3 server: This handles incoming API requests, performs client-side encryption, and ensures secure interaction with the storage backend.
- Offloader processes: Execute the core logic for fragmenting files, applying redundancy (e.g., erasure coding), and transferring data to and from the Swarm.
- Optional cache: Accelerates data transfers in specific workloads (e.g., frequent reads or temporary storage). If deployed on shared storage, the cache can be accessed by all gateways within the same gateway pool, improving performance and resource efficiency.
Gateways are infrastructure-agnostic and can be configured to interact with one or more Swarms — providing a scalable, secure, and resilient interface layer. Users can choose between public gateways (managed by Cubbit) or deploy their own private gateways for full control and data locality.