Every feature, no marketing fluff
Here's what Caelum does as of May 2026. If something is missing for your case, tell us — we run a public roadmap and we listen.
Fast local storage, no compromise
Mirror, RAID 1/5/6/10, snapshots, transparent compression, opt-in dedup, quotas global + per-share + per-user/group. No proprietary layer between you and the disk.
- ✓ Scheduled immutable snapshots + block-level send/receive replication
- ✓ POSIX ACLs and Active Directory ACLs side by side
- ✓ Hierarchical quotas (volume / share / user / group)
- ✓ Automatic scrub and built-in SMART alerts
Your cold files move to S3, automatically
Our custom tiering layer replaces inactive files with readable stubs. On open, transparent recall — the user sees nothing.
- ✓ Works with MinIO, AWS S3, Wasabi, Ceph, Backblaze B2
- ✓ Per-share policy (e.g. "inactive > 6 months → archive")
- ✓ Immutable stubs (signed xattr) to resist ransomware
- ✓ Multi-target S3 (replicate to two providers)
- ✓ Auto-purge with configurable retention
Prod-grade 2-node cluster
HA orchestrator with quorum device and vCenter fencing. 5–7s failover RTO, validated. No per-node license, no mandated hardware.
- ✓ Automatic failover on VM loss, kernel panic, network loss
- ✓ Multi-VIP (separate management / data / replication roles)
- ✓ Continuous block-level replication to the passive node
- ✓ Manual failover button for maintenance windows
- ✓ Quorum device to prevent split-brain
Move off NetApp / Synology / Windows Server over a weekend
External SMB scanner, streaming incremental copy, cutover via DFS-N or DNS CNAME. No third-party tool to buy.
- ✓ Automatic source share discovery
- ✓ Incremental copy, automatic resume on error
- ✓ Windows ACL preservation (AD mapping)
- ✓ Guided cutover: DFS-N namespace or DNS switch
- ✓ Post-copy checksum validation
Built-in anti-ransomware and audit
~130 known ransomware extensions blocked at the SMB layer (veto files), immutable S3 stubs, scheduled snapshots, internal audit catalog.
- ✓ SMB veto on ransomware extensions (.locky, .crypto, …)
- ✓ Scheduled immutable snapshots retained per policy
- ✓ Exportable hardening audit report (CIS-like)
- ✓ Email alerts on suspicious events
- ✓ AD join or local LDAP, your call
LACP, VLAN, multi-VIP
Everything an enterprise filer needs to slot into a serious datacenter.
- ✓ 802.3ad LACP bonding across N NICs
- ✓ 802.1Q VLAN
- ✓ Service binding per role (mgmt on admin VLAN, data on prod, repl on dedicated)
- ✓ HA multi-VIP to expose each role on its own IP
- ✓ Jumbo MTU per interface
UI, REST API, CLI, Web Shell
Vanilla-JS single-page UI, auto-documented FastAPI REST (OpenAPI), full CLI and built-in Web Shell for debugging.
- ✓ Auto-generated OpenAPI REST API, scriptable
- ✓ Auto-update from the UI (snapshot + tarball + one-click rollback)
- ✓ Central, exportable logs
- ✓ Email alerts (SMART, storage, jobs, audit)
- ✓ Built-in Web Shell for advanced ops
What's next
- · DR from S3 (rebuild NAS from S3)
- · Public Veeam/Acronis API
- · Multi-tenancy + central orchestrator
- · Multi-tier lifecycle (auto-Glacier)
- · AI hot/warm/cold classification
- · Semantic search on content
The public roadmap is on GitHub. Your issues actually count — we prioritize on customer feedback.
See issues