Data in Domino

Work in Domino happens in projects. Every Domino project has a corresponding collection of project files. While at rest, project files are stored in a durable object storage system, referred to as the Domino Blob Store.

Domino has native support for backing the Domino Blob Store with the following cloud storage services:

Alternatively, the Domino Blob Store can be backed with a shared Kubernetes Persistent Volume from a compatible storage class. You can provide an NFS storage service, and Domino installation utilities can deploy the nfs-client-provisioner and configure a compatible storage class backed by the provided NFS system.

Domino supports server-side encryption with customer-provided keys (SSE-C) for Amazon S3.

Domino supports EBS file system encryption using the industry-standard AES-256 algorithm on Elastic Block Store.

Domino also supports default encryption keys for:

Domino does not provide pre-write encryption for nfs-client-provisioner volumes.

When a user starts a run in Domino, the files from his or her project are fetched from the Domino Blob Store and loaded into the run in the working directory of the Domino service filesystem. When the Run finishes, or the user initiates a manual sync in an interactive Workspace session, any changes to the contents of the working directory are written back to Domino as a new revision of the project files. Domino’s versioning system tracks file-level changes and can provide rich file difference information between revisions.

Domino also has several features that provide users with easy paths to quickly initiating a file sync. The following events in Domino can trigger a file sync, and the subsequent creation of a new revision of a project’s files.

By default, all revisions of project files that Domino creates are kept indefinitely, since project files are a component in the Domino Reproducibility Engine. You can always return to and work with past revisions of project files, except for files that have been subjected to a full delete by a system administrator.

Users can read and write files to the projects they create, on which they automatically are granted an Owner role. Owners can add collaborators to their projects with the following additional roles and associated files permissions.

The permissions available to each role are described in more detail in Sharing and collaboration.

Users can also inherit roles from membership in Domino Organizations.

Domino users with some administrative system roles are granted additional access to project files across the Domino deployment they administer. Learn more in Roles.

When users have large quantities of data, including collections of many files and large individual files, Domino recommends storing the data in a Domino Dataset. Datasets are collections of Snapshots, where each Snapshot is an immutable image of a filesystem directory from the time when the Snapshot was created. These directories are stored in a network filesystem managed by Kubernetes as a shared Persistent Volume.

Domino has native support for backing Domino Datasets with the following cloud storage services:

Alternatively, the Domino Blob Store can be backed with a shared Kubernetes Persistent Volume from a compatible storage class. You can provide an NFS storage service, and Domino installation utilities can deploy the nfs-client-provisioner and configure a compatible storage class backed by the provided NFS system.

Each Snapshot of a Domino Dataset is an independent state, and its membership in a Dataset is an organizational convenience for working on, sharing, and permissioning related data. Domino supports running scheduled Jobs that create Snapshots, enabling users to write or import data into a Dataset as part of an ongoing pipeline.

Dataset Snapshots can be permanently deleted by Domino system administrators. Snapshot deletion is designed as a two-step process to avoid data loss, where users mark Snapshots they believe can be deleted, and admins then confirm the deletion if appropriate. This permanent deletion capability makes Datasets the right choice for storing data in Domino that has regulatory requirements for expiration.

Datasets in Domino belong to projects, and access is afforded accordingly to users who have been granted roles on the containing project.

The permissions available to each role are described in more detail in Sharing and collaboration.

Users can also inherit roles from membership in Domino Organizations. Learn more in the Organizations overview.

Domino users with administrative system roles are granted additional access to Datasets across the Domino deployment they administer. Learn more in Roles.