.svg)
Executive Summary
A global pharmaceutical capsule manufacturer needed a storage platform capable of meeting stringent regulatory requirements for production quality assurance. Every batch of capsules leaving each of their manufacturing sites must be photographed, and those images must be retained for a minimum of 10 years under cGMP, FDA, and EMA guidelines. With factories operating in air-gapped environments, the company required an S3-compatible Private Cloud solution that could store images locally at each site while replicating them to a central repository for audit and regulatory retrieval.
Environment: Regulated Pharmaceutical Manufacturing
This contract development and manufacturing organization (CDMO) produces pharmaceutical capsules across multiple factory sites worldwide. Operating under cGMP, FDA, and EMA regulatory frameworks, the company must maintain complete data integrity for all production records. Compliance with ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate) requires that raw data, including electronic images from QA testing, be securely stored with full audit trails and protection against alteration.
The manufacturing sites operate in air-gapped environments due to network and security constraints common in pharmaceutical production. This rules out public cloud storage and requires that each site maintain its own on-premises storage infrastructure. At the same time, all batch images must be consolidated into a central repository for regulatory audit, retrieval, and long-term archival, creating a distributed edge-to-core storage challenge.
Additional regulatory requirements include compliance with 21 CFR Part 11 for electronic records and digital signatures, the EU Falsified Medicines Directive (FMD), and the U.S. Drug Supply Chain Security Act (DSCSA) for serialization data. The infrastructure team had integrated with Red Hat OpenShift for container orchestration, with legacy storage provided by proprietary appliance vendors.
Challenge: Air-Gapped Compliance at Manufacturing Scale
The company faced a convergence of regulatory, technical, and operational challenges that the existing storage infrastructure could not address.
- 10-year regulatory retention gap: Legacy snapshot-based storage could not guarantee the data integrity, immutability, and audit trail capabilities required for mandatory 10-year retention of QA batch images under cGMP and 21 CFR Part 11.
- Air-gapped network constraints: Manufacturing sites operate in fully isolated network environments. Any storage solution must deploy, operate, and be managed without reliance on external connectivity, ruling out public cloud or SaaS-based storage services.
- Replication performance: Legacy tooling took over a month to copy just 1TB of data between sites, making the consolidation of batch images from multiple factories into a central repository impractical at production volumes.
- Vendor lock-in: Proprietary storage appliances created dependencies that limited flexibility and were incompatible with the team's strategic requirement for open source infrastructure. In pharmaceutical environments, codebase transparency supports validation processes.
- Pharmaceutical qualification complexity: All infrastructure components must meet rigorous pharmaceutical validation standards. The opaque nature of proprietary storage systems made this process more difficult and time-consuming.
Solution: AIStor as S3 for Private Cloud
The company deployed MinIO AIStor on Red Hat OpenShift as an S3 for Private Cloud solution, creating a distributed storage architecture specifically designed for air-gapped pharmaceutical manufacturing environments.
Edge Clusters at Each Factory: Each manufacturing site runs a local AIStor deployment within its air-gapped network. QA batch images are captured and stored locally, providing immediate access for on-site production teams while maintaining full data integrity within the isolated environment.
Central Repository: A three-datacenter stretched cluster with sub-millisecond inter-zone latency serves as the central image archive. AIStor's native edge-to-core replication automatically consolidates batch images from all factory sites into this single, auditable repository.
Regulatory Compliance: Immutable object storage with versioning and object locking supports 21 CFR Part 11 requirements for electronic records. ALCOA+ data integrity principles are maintained through tamper-proof storage with complete audit trails over the full 10-year retention lifecycle.
Kubernetes-Native Architecture: Full integration with Red Hat OpenShift using automated tenant configuration. DirectPV provides high-performance storage for the core cluster. The platform operates independently at each air-gapped site while maintaining centralized management through Kubernetes-native tooling.
Outcomes
Business Impact
- Regulatory compliance achieved: 10-year batch image retention with immutability, audit trails, and data integrity meeting cGMP, FDA, EMA, and 21 CFR Part 11 requirements.
- Centralized audit capability: All factory batch images consolidated into a single repository, enabling efficient regulatory retrieval and audit response.
- Air-gapped operations maintained: S3 Private Cloud at each site operates within fully isolated networks, meeting pharmaceutical security requirements.
- Infrastructure scalability: Clear path from 1PB to 4PB+ capacity over five years, accommodating growing image volumes as production scales.
- Cost optimization and vendor independence: Open source foundation eliminated proprietary licensing while providing the codebase transparency essential for pharmaceutical validation.
“We needed storage that could operate in air-gapped environments while still replicating data centrally for regulatory audit. AIStor gave us the S3 Private Cloud architecture that made this possible across all of our manufacturing sites.” - Infrastructure Team, Global Pharmaceutical Manufacturer
.svg)
