Wednesday, February 18, 2026

Validated design: Integrating F5 BIG-IP with Scality RING for enterprise-grade S3

Modern S3 platforms must deliver far more than raw scale. Enterprise environments demand secure access, high concurrency, predictable performance, and resilience across nodes and sites — all without introducing operational complexity.

To meet these requirements, Scality has validated the integration of Scality RING 9.5 with F5 BIG-IP 17.5, producing a tested, repeatable architecture for enterprise-grade S3 deployments supporting AI and data-intensive workloads. This validated design confirms functional compatibility, performance behavior, and failure handling when F5 BIG-IP is deployed as the front-end traffic management layer for Scality RING.

The result is a proven reference architecture for organizations operating large-scale, multi-tenant, or multi-site object storage environments where secure, high-performance S3 access is critical.

Architecture overview

In this validated design, F5 BIG-IP operates as a full proxy Application Delivery Controller (ADC) in front of a Scality RING storage cluster, abstracting client access from backend storage topology.

Traffic flow at a glance

  1. S3 clients connect to a single virtual IP (VIP) exposed by BIG-IP.
  2. BIG-IP terminates TLS and establishes separate backend connections to RING storage nodes.
  3. Traffic is distributed across storage servers using BIG-IP Local Traffic Manager (LTM).
  4. Health monitoring ensures failed nodes are automatically removed from service.

This approach decouples client access from backend infrastructure while enabling granular control over traffic management, security, and availability.

Core integration components

F5 BIG-IP configuration

BIG-IP was deployed as a Virtual Edition (VE) with the following configuration:

  • Local Traffic Manager (LTM) for S3 traffic distribution
  • Client SSL profiles for TLS termination
  • SNAT AutoMap enabled to ensure symmetric routing

This configuration provides the foundation for secure, scalable, and observable traffic handling.

Scality RING configuration

The Scality RING environment consisted of:

  • Scality RING version 9.4.5
  • Multiple storage servers listening on HTTP (port 80) internally
  • S3 access exposed externally via BIG-IP HTTPS VIP (port 443)
  • Existing S3 certificates reused to avoid REST endpoint validation issues

This design preserves existing RING configurations while introducing BIG-IP as a front-end control layer.

Fig: RING deployed on a single site with F5 balancing the requests

SSL/TLS termination and security

BIG-IP terminates TLS connections using a dedicated client SSL profile bound to the virtual server.

Key benefits

  • Offloads cryptographic processing from RING storage nodes
  • Centralizes certificate lifecycle management
  • Provides secure access to:
    • S3 API endpoints
    • RING console
    • RING S3 browser

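Secure connectivity was validated across both administrative and data paths, confirming encrypted access from clients to the BIG-IP VIP without operational friction. As configured here, TLS terminates at BIG-IP and the RING storage servers listen on HTTP (port 80) internally, so the BIG-IP-to-RING segment is not covered by this encryption.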
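Because TLS now terminates at the VIP, the certificate bound to the client SSL profile has to cover every hostname S3 clients use. The following is an added example, not Scality or F5 code: it checks a SAN list against path-style and virtual-hosted-style names using RFC 6125 wildcard rules. The endpoint name, bucket names and SAN entries are constructed for illustration.

```python
"""Check which S3 client hostnames a VIP certificate's SAN list fails to cover."""

# Constructed sample data (assumptions, not values from the validated design).
ENDPOINT = "s3.example.com"                      # name that resolves to the VIP
SANS = ["s3.example.com", "*.s3.example.com"]    # SAN entries of the VIP certificate
BUCKETS = ["backups", "ai-training", "logs.2026"]


def san_matches(san: str, host: str) -> bool:
    """RFC 6125-style match: '*' counts only as the whole leftmost label
    and stands for exactly one non-empty label."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Refuse over-broad wildcards such as '*.com'.
        return (len(san_labels) >= 3 and host_labels[0] != ""
                and san_labels[1:] == host_labels[1:])
    return san_labels == host_labels


def client_hostnames(endpoint: str, buckets: list) -> list:
    """Path-style requests use the endpoint itself; virtual-hosted-style
    requests prepend the bucket name as an extra DNS label."""
    return [endpoint] + [f"{bucket}.{endpoint}" for bucket in buckets]


def uncovered(sans: list, endpoint: str, buckets: list) -> list:
    """Return the hostnames a strict TLS client would reject for this SAN list."""
    return [host for host in client_hostnames(endpoint, buckets)
            if not any(san_matches(san, host) for san in sans)]


if __name__ == "__main__":
    # A dotted bucket name adds two labels, so the single-label wildcard misses it.
    for host in uncovered(SANS, ENDPOINT, BUCKETS):
        print(f"not covered by certificate: {host}")
```

A hostname reported here would fail certificate verification in a strict client, which is the kind of failure that tends to get worked around by disabling verification.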

Load balancing behavior

BIG-IP LTM distributes S3 traffic across a pool of RING storage servers.

Validation confirmed:

  • Even distribution of PUT, GET, and DELETE operations
  • Balanced disk utilization across nodes
  • Stable behavior under concurrent workloads

Traffic distribution and backend utilization were monitored through BIG-IP statistics and RING node metrics, confirming correct load-balancing behavior under sustained load.

Performance validation

Performance testing was conducted using a load generator to simulate high-concurrency S3 workloads.

Test characteristics

  • PUT, GET, and DELETE operations
  • Object sizes up to 1 MB
  • Concurrency levels up to 512 threads
  • Sustained test durations of 5–10 minutes

Observed results

  • Consistent throughput across all operations
  • No saturation of individual storage nodes
  • Predictable latency during steady-state operation

This validates that BIG-IP does not introduce bottlenecks and that Scality RING continues to scale horizontally behind the ADC layer.

High availability and failure scenarios

Failure testing focused on validating behavior under real-world disruption scenarios, including:

  • Individual storage node failures
  • Partial backend outages
  • Multi-site disruption scenarios

BIG-IP health checks detected failures and dynamically removed impacted nodes from the active pool. Client access continued through healthy nodes without requiring endpoint changes.

In multi-site (GSLB) scenarios, BIG-IP provided clear visibility into backend failures and connection behavior under stress, reinforcing operational awareness during degraded conditions.

Fig: RING deployed in two sites with F5

Operational advantages

This validated design provides several practical benefits for platform and infrastructure teams:

  • A single S3 endpoint, regardless of cluster scale
  • Centralized TLS termination and traffic policy enforcement
  • Simplified scaling: add RING nodes without client reconfiguration
  • Clear separation of concerns between traffic management and storage services

Together, these advantages reduce operational risk while improving flexibility and control.

From validation to production

This validated Scality RING and F5 BIG-IP architecture demonstrates that BIG-IP can be safely and effectively deployed as an enterprise-grade front end for Scality S3 workloads. Integration delivers secure access, intelligent load balancing, and resilient behavior under failure, without compromising performance or scalability.

For organizations building large-scale, multi-tenant, or multi-site object storage platforms, this design provides a practical reference for moving into production with confidence. It reduces operational risk, simplifies day-to-day management, and gives platform teams the flexibility to scale and protect S3 services as data volumes and workload demands continue to grow.