The 2026 landscape, plainly

The on-premise object storage market has been reshuffling for three years. IBM has repositioned COS multiple times since acquiring Cleversafe in 2015: first as a standalone product, then pushed toward IBM Storage Ready Nodes, then folded into the "cyber vault" narrative inside the Storage Defender portfolio. Legacy Cleversafe customers — many running decade-old deployments on Cisco UCS hardware now at end of life — are asking what the next five years look like before IBM changes the message again.

Ceph, meanwhile, has done the opposite. It has consolidated. The current release, Tentacle (20.2.1, April 2026), closes a maturity cycle that started with Reef and Squid. Active contributors include CERN, DigitalOcean, Bloomberg, OVH, Clyso, Red Hat/IBM, and SUSE. It is hard to find an infrastructure open source project with more sustained momentum.

Between them sits IBM Storage Ceph: upstream Ceph packaged and commercially supported by IBM, the direct successor to Red Hat Ceph Storage. Technically the same Ceph. Commercially, a per-capacity subscription with a vendor tier-1 SLA. It exists because some clients' procurement policies mandate a named enterprise vendor, and bare upstream Ceph doesn't pass that filter — even if it is technically identical.

Three products, three business models, three distinct client profiles.

The three options at a glance

Hover each card for detail · The right option depends entirely on each client's operational reality

All three work. The differences that matter are not about what they do, but how they are operated and what they cost over five years. IBM Storage Ceph and IBM COS do not compete — they serve fundamentally different client profiles. For a deeper comparison of Ceph against Storage Scale, GPFS, or NFS, see our dedicated article: IBM Storage Ceph vs Storage Scale, GPFS, GFS2, NFS and SMB.

Why we prefer open source

It's not ideology. It's the result of seeing, project after project, that a client with a competent in-house team or a capable partner gets the same operational stability on upstream Ceph as on any commercial alternative — with significantly more freedom and at lower cost.

Proprietary lock-in is not just about hardware — it's about roadmap. If IBM repositions COS again — and it has happened multiple times since 2015 — the client watches the change from the sidelines. With Ceph, if your commercial distributor changes strategy or raises prices, you move to upstream or another distributor without migrating data. The portability is real, not marketing.

Community continuity is a guarantee no single vendor can match. A proprietary product depends ultimately on a spreadsheet at the vendor's headquarters. Ceph has enough institutional contributors that when one leaves — which has happened — the project continues. For infrastructure you plan to run for fifteen or twenty years, that matters.

Architectural versatility pays for itself. Object storage today, block tomorrow for virtualisation, file when needed, NVMe-oF when it becomes relevant. All on the same hardware, maintained by the same team. COS only does object well. Separating platforms by protocol doubles teams, procedures, and support contracts. For cases where Ceph runs as an NFS high-availability backend, we've documented the process: NFS high availability with Ceph Ganesha.

Operational transparency is its own kind of security. When something breaks in Ceph, you have the code. When something breaks in COS, you open a ticket and wait. For serious technical teams, the first is worth more than it appears in a feature comparison.

When IBM COS is the right answer

If we were open source absolutists we'd be selling smoke — and there's enough in this market already. COS is the correct choice for a fairly specific client profile.

Small operational teams with no deep SDS skills and no budget to hire them or outsource continuously. Ceph's learning curve is real. If the organisation can't absorb it, a packaged product like COS reduces the operational problem surface.

Regulated sectors with very specific compliance requirements — audited WORM, SEC 17a-4 retention, Compliance Enabled Vaults, NENR. IBM's ecosystem is very mature here and audits move faster when the entire stack is from one vendor with existing certifications.

Corporate "single throat to choke" policy with explicit preference for vendor tier-1. Some organisations — conservative banking, public sector, defence — where the CISO won't accept an architecture without a contractual SLA. Arguing with that policy from outside is a waste of time; the right move is helping the client choose the packaged product that fits best.

IBM ecosystem already deployed. If the client already has Spectrum Protect, Storage Defender, Fusion, Power, or Z, consolidating object storage within the same vendor makes operational and commercial sense.

Very large scale (high petabytes or exabytes) with predictable, stable workloads, where the operational simplicity of a mature product offsets the licensing cost. We've seen clients with more than an exabyte under IBM support for whom migration would be a three-year project worth tens of millions; in those cases the answer is to stay and optimise.

When upstream Ceph with a good partner is the answer

This is the scenario where we believe most of the market sits — even if it doesn't always know it.

Profiles where upstream Ceph wins clearly:

• Client with a competent technical team in Linux and infrastructure, or willing to engage a continuous support partner.
• Medium to large scale, from hundreds of TB to tens of PB, where commercial subscription starts to hurt the budget.
• Need or intent to unify object, block, and file storage on the same platform.
• Hardware refresh underway with no appetite for tying to a single vendor's certified list.
• Native Kubernetes integration via Rook, if a cloud-native platform is on the roadmap.
• A preference, simply, for being able to see what's under the hood.

Here we need to address a myth that has circulated for years: that Ceph is hard. It's half true. Ceph is complex — as any serious distributed system is — but it's not chaotic or unstable. The difference between a Ceph cluster that causes problems and one that runs for years without incidents is not in the software. It's in deployment design, placement group and balancer tuning, coherent hardware selection, monitoring, and having someone experienced who knows what to do when something unusual appears in ceph health detail. We have a dedicated article on the most common Ceph error and how to fix it.

The problem is not Ceph. The problem is deploying Ceph without expertise. That's a problem for any complex infrastructure, not a product defect.

A well-operated Ceph cluster performs just as well with upstream support plus a competent partner as with an enterprise subscription. The real difference is who picks up the phone at three in the morning. If you're evaluating Ceph against lighter object storage alternatives, our Ceph vs MinIO 2026 article covers that in detail.

IBM Storage Ceph: the middle option

We'll be more direct here, because this product gets written about with surprisingly little clarity.

IBM Storage Ceph is, technically, Ceph. The same Ceph you download from the project website. Packaged, tested, integrated with IBM-specific tooling, commercially supported with an SLA, and certified in several regulated environments. That is what you pay for. Technically you get nothing you couldn't have with upstream.

When it makes sense to pay for it:

• Public or private procurement contracts that require a tier-1 vendor with contractual support, with no room for negotiation.
• Organisations where internal purchasing policy mandates enterprise support without exception, and there is no way to qualify an external partner as a substitute.
• Clients who already have an IBM ELA where adding Storage Ceph to the package is reasonable against list price.
• Sectors with audits where the manufacturer's name on the invoice shortens the process.

When it's not worth it: in practically every other case. If your compliance doesn't require it and you have a decent partner, paying a subscription for upstream is an avoidable overhead. At tens of petabytes scale, the difference between a commercial subscription and a partner supporting upstream can be hundreds of thousands of euros per year. At exabyte scale, it moves to millions. For most clients, that money is better reinvested in team, hardware, or anything else.

If your reality pushes you toward the first or second, we'll be there to help you operate it well. But most clients we work with discover, after an honest assessment, that the third fits them better than they thought.

Three real client cases

Anonymised, because NDAs are NDAs. The lesson is always the same: the right question is not "which is better in the abstract" but "which fits this specific operational reality".

What most comparisons don't tell you

Four things that never appear in vendor whitepapers and that we have seen trip up many technical teams.

Migrating at petabyte scale is not copying data

It's migrating configuration: lifecycle policies, retention, legal holds, ACLs, CORS, bucket policies, versioning, event notifications, tagging, replication. You migrate context as much as bytes. A poorly scoped migration project discovers this halfway through and finds its timeline has doubled.

The S3 dialect is not uniform

Between AWS S3, Ceph RGW, and IBM COS there are subtle differences in headers, LIST behaviour with large object counts, multipart upload edge cases, and versioning semantics. Client applications sometimes need adjustment. Test — don't assume.

Data protection philosophy changes between products

COS's IDA, Ceph's erasure coding, and traditional triple replication are not interchangeable in terms of durability guarantees or the failure profiles they tolerate. Translating a COS IDA 10/8/7 to a Ceph erasure coding profile requires judgment, not arithmetic.

Day-to-day operations are radically different

In COS you diagnose with storagectl list and the Manager administration shell. In Ceph with ceph -s, ceph osd tree, ceph health detail, placement groups, OSDs, CRUSH maps. Retraining a team takes six to twelve months of effective transition. Budget for it — it cannot be a project footnote.

How we work at SIXE

The approach is straightforward and has been working for years. First an assessment: we review the current architecture, actual workloads, the operational team's profile, regulatory constraints, the three-to-five-year budget, and the technically viable options. The output is a reasoned recommendation with alternatives — and sometimes it is "stay where you are". We have said that more than once.

Then a design, if there is migration or substantial change. Target architecture, phased plan, operational windows, risk matrix, runbooks. No two migrations are alike.

Then execution. Phased migration with dual-running where possible, data validation, functional QA with client applications, post-cutover tuning.

And finally handover with mentoring to the client team, plus ongoing Ceph technical support if they want us at the other end of the line going forward. Many clients prefer this model — SIXE as a team extension — over a commercial subscription. It is exactly what makes upstream Ceph viable in serious production environments. For teams that want to build internal capability, we offer a Ceph administration course and a practical IBM Storage Ceph course.

Our team diagnoses a DONT-START-DAEMON on a ClevOS slicestor with the same ease as a placement group inactive+incomplete on Ceph. We are not an "IBM partner" or a "Ceph partner". We are an object storage partner, and we know all three options well enough to recommend whichever one actually fits.