FAQ
General
What operating systems does flexFS support?
FlexFS runs on Linux (kernel 4.18+) with FUSE3 support. Both amd64 and arm64 (aarch64) architectures are supported.
What is the maximum file size?
FlexFS does not impose an artificial file size limit. Files are split into blocks (configurable from 256 KiB to 8 MiB per volume), so the theoretical maximum is bounded only by the metadata server’s capacity and the object storage backend.
How many concurrent mounts can a single metadata server handle?
A metadata server can handle hundreds to thousands of concurrent mount sessions depending on the workload and hardware. Each mount client maintains a persistent RPC connection. See the Scaling to 1000+ Mounts guide for tuning recommendations.
What cloud storage backends are supported?
FlexFS supports Amazon S3, Google Cloud Storage, Azure Blob Storage, and Oracle Cloud Infrastructure Object Storage. Any S3-compatible storage (MinIO, Wasabi, Ceph RGW, etc.) also works using the s3 block API.
Can I use flexFS with on-premises object storage?
Yes. Any S3-compatible object storage can be used by specifying a custom endpoint address when creating a block store.
Editions
What is the difference between Enterprise and Community?
The Community edition supports a single volume with all core filesystem features. The Enterprise edition adds unlimited volumes, configure.flexfs, proxy groups, end-to-end encryption, volume quotas, mount-path scoped tokens, and dynamic CSI provisioning. See the Editions page for the full comparison.
Can I upgrade from Community to Enterprise?
Contact Paradigm4 for migration assistance. The underlying data format is the same, so volumes can be transitioned without data movement.
Data and Durability
Where is my data stored?
File data is stored as blocks in your cloud object storage bucket. Metadata (directory structure, file attributes, permissions) is stored on the metadata server’s local disk. You retain full ownership and control of both.
What happens if the metadata server goes down?
Active mounts will continue to serve cached data for a short period but will eventually become unresponsive for new operations. When the metadata server comes back, mounts reconnect automatically. The metadata database should be backed up regularly.
What happens if a proxy server goes down?
Mount clients that were using the proxy group will fall back to direct object storage access. Performance may degrade but data remains fully accessible. When the proxy server recovers, mount clients begin using it again on their next RTT probe.
Does flexFS support point-in-time recovery?
Yes. The --atTime flag on mount.flexfs mounts a read-only snapshot of the filesystem at any point within the volume’s retention window (default 7 days). Both metadata and block data are preserved for the retention period — no separate snapshot infrastructure is needed.
Security
Is data encrypted in transit?
Yes. All communication between flexFS components (mount clients, metadata servers, proxy servers, admin server) uses TLS by default with auto-generated certificates.
Is data encrypted at rest?
With Enterprise end-to-end encryption enabled, blocks and metadata are encrypted with AES-256 before leaving the mount client. The encryption key is derived from a user-provided secret using Argon2id and never leaves the client. Additionally, S3 server-side encryption (SSE) can be enabled for an extra layer of at-rest protection.
How does authentication work?
Mount clients authenticate using volume tokens (UUIDs). Each volume token grants access to a specific volume and can optionally restrict the mount to a subdirectory (mount path). The configure.flexfs tool authenticates using account tokens.
Kubernetes
Does the CSI driver require privileged mode?
The node DaemonSet pods require access to /dev/fuse and the SYS_ADMIN capability (or privileged mode) to mount FUSE filesystems.
Does the CSI driver support dynamic provisioning?
Dynamic provisioning is available in the Enterprise edition. Community edition supports static provisioning only.
Compatibility
Is flexFS compatible with NFS or SMB?
FlexFS provides a POSIX filesystem interface. You can export a flexFS mount point via NFS or Samba to other machines, though this adds a layer of indirection. For multi-machine access, it is generally better to mount flexFS directly on each machine.
Does flexFS support file locking?
Yes. Both POSIX advisory locks (fcntl) and BSD locks (flock) are supported.
Does flexFS support hard links and symlinks?
Yes. Hard links, symbolic links, and special files (named pipes, sockets, block/character devices) are all supported.
Operations
How do auto-updates work?
The mount client periodically polls the admin server’s deploy endpoint for newer binaries. When an update is available, it downloads the new binary, performs a FUSE session handoff to the new process, and the old process exits. The mount remains active throughout — no unmount or remount is needed.
How do I manually update all components?
Use manage.flexfs upgrade to download, install, and restart all components in a single command. For mount clients only, use update.flexfs.
What ports does flexFS use?
By default, all server components (admin, meta, proxy, free, stat) bind to port 443. The CSI driver uses a Unix socket. You can change the port with --bindAddr on any server component.