This topic describes how to create a file gateway and configure a share in the Cloud Storage Gateway (CSG) console.
Prerequisites
An Alibaba Cloud account is created and real-name verification for the account is successful. For more information, see Create an Alibaba Cloud account.
NoteWe recommend that you perform operations in the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.
CSG is activated.
If CSG is not activated, follow the on-screen instructions in the CSG console to activate CSG.
A virtual private cloud (VPC) is available in the region where you want to create a cloud file gateway. For more information, see Create a VPC with an IPv4 CIDR block.
An Elastic Compute Service (ECS) instance is available in the region where you want to create a cloud file gateway. The ECS instance runs in the VPC. For more information, see Create an ECS instance.
NoteIf your on-premises host is connected to a VPC over an Express Connect circuit, you can also perform the following steps by using the host.
An Object Storage Service (OSS) bucket is created. For more information, see Create buckets.
NoteCSG supports Standard, Infrequent Access (IA), and Archive OSS buckets.
If you request to read an archived file from a gateway for which the archive feature is disabled, a request to restore the file is initiated. If the file gateway uses a Network File System (NFS) share, no error is returned, but a certain level of I/O latency occurs. If the file gateway uses a Server Message Block (SMB) share, a short-lived error occurs, and the read operation is successful after the restoration process is complete.
When a client writes a file to a file gateway, the gateway records at least two actions: writing the file and setting the file modification time. The gateway merges the two actions where possible. However, the gateway may still initiate multiple operations on the object to the bucket where the object is stored. The CopyObject operation is called to store the file modification time as a piece of metadata of the object in the bucket. If the object is an Archive or Cold Archive object, this operation requires object restoration, which takes some time to complete. This increases the time required for object uploads and even causes upload failures if not enough time is left to upload data in the cache. We recommend that you do not connect a gateway to an Archive bucket. If files that are written from a file gateway to OSS are infrequently modified, we recommend that you store the files in a Standard or IA bucket first and configure a lifecycle rule that changes the storage class of the files to Archive or Cold Archive. This reduces unnecessary restoration operations and optimizes storage costs and efficiency.
Step 1: Create a file gateway
Log on to the CSG console.
In the top navigation bar, select the region in which you want to create the file gateway.
On the Overview page, click Create Gateway Cluster to create a gateway cluster.
If the desired gateway cluster already exists, skip this step.
In the left-side navigation pane, click Gateways.
On the Gateways page, select the desired gateway cluster from the Current Gateway Cluster drop-down list. Click Create.
In the Gateway Information step, set the parameters described in the following table and click Next.
Parameter
Description
Name
The name of the gateway.
Location
The location where you want to deploy the gateway. Valid values:
On-premises: The file gateway is deployed in your data center. You can deploy an on-premises file gateway by using the CSG console or the on-premises file gateway console.
Alibaba Cloud: The file gateway is deployed on Alibaba Cloud. You can deploy a cloud file gateway only by using the CSG console.
Type
The type of the gateway. Select File Gateway.
In the Gateway Configurations step, set the required parameters and click Next.
If you set Location to Alibaba Cloud, you must set the parameters in this step. The following table describes the parameters.
Parameter
Description
Edition
The gateway edition. You can select Basic, Standard, Enhanced, or Performance Optimized. For more information, see Specifications.
VPC
The VPC in which you want to deploy the gateway.
NoteThe specified VPC must be the VPC in which your ECS instance or on-premises host resides.
VSwitch
The vSwitch that you want to use to connect the gateway.
NoteThe specified vSwitch must be the same vSwitch that is connected to your ECS instance or on-premises host.
If no gateway resource is available in the zone where the specified vSwitch resides, create a vSwitch in another zone.
In the Configure Protocol step, configure the parameters and click Next. The following table describes the parameters.
Parameter
Description
Cross-region Binding
If you select Yes, you can access a bucket that resides in a different region from the gateway.
If you select No, you can access a bucket that resides only in the same region as the gateway.
OSS Endpoint
The endpoint of the region in which the bucket is located.
Bucket Name
You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.
NoteThe name of a subdirectory can contain only letters and digits.
Starting from V1.0.38, you can map the root directory of a file system to a subdirectory of the bucket. This way, you can isolate file access requests.
You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.
Buckets for which back-to-origin routing is configured are not supported.
CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.
Public Network Bandwidth
This parameter is available only when Cross-region Binding is set to Yes. The default bandwidth is 5 Mbit/s. We recommend that you increase the bandwidth for better data transfer performance.
NoteIf you want to use the gateway or the express synchronization feature across regions, you need to configure this parameter. For more information, see Configure a public bandwidth limit.
The public bandwidth ranges from 5 Mbit/s to 200 Mbit/s.
Protocol
The protocol that you use to connect to the OSS bucket. Valid values: NFS and SMB.
Use the NFS protocol if you need to access OSS buckets from Linux.
Use the SMB protocol if you need to access OSS buckets from Windows.
Share Name
The name of the NFS or SMB share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of NFSv4.
NoteThe name must be 1 to 32 characters in length, and can contain letters and digits. The name cannot start with a digit.
User Mapping
The mapping between an NFS client user and an NFS server user. This parameter is available only when you set Protocol to NFS. Valid values:
none: NFS client users are not mapped to the nobody user on the NFS server.
root_squash: NFS clients that use the root identity are mapped to the nobody user on the NFS server.
all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.
all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.
Reverse Sync
Metadata synchronization from the bucket to your local device. The reverse synchronization feature is helpful in scenarios such as disaster recovery, data recovery, and data sharing.
NoteDuring a reverse synchronization process, the system scans all objects in the bucket. If there are a large number of objects, you are charged for OSS API calls. For more information, see the API Operation Calling Fees section of the OSS pricing page.
Reverse Sync Interval
If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Unit: seconds. Minimum value: 15. Maximum value: 36000. Default value: 900.
NoteIf the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in OSS API operation calling fees.
Cache Disk Type
The cache disk type. Valid values: Ultra Disk, Standard SSD, and ESSD.
Cache Capacity
The cache capacity. The cache capacity ranges from 40 GB to 32 TB.
NoteThe capacity of a cache disk in a Basic file gateway can be set to a value that ranges from 40 GB to 4 TB.
The capacity of a cache disk in a Standard file gateway can be set to a value that ranges from 40 GB to 8 TB.
In the Billing Information step, configure the parameters and click Next. The following table describes the parameters.
Parameter
Description
Billing Method
The billing method that you want to apply to the gateway. You can select Pay-as-you-go or Subscription. For more information, see Billable items and billing methods.
If you select Subscription, you are redirected to the Cloud Storage Gateway (Subscription) page after you create the file gateway. You can complete the payment on the page. For more information, see Purchase a gateway.
Expiration Policy
The expiration policy for the gateway. Valid values: Switch to Pay-as-you-go and Release.
In the Confirmation step, verify your settings and click OK.
If you create a cloud file gateway, the system completes the deployment in 5 to 10 minutes. If Running is displayed in the Status column, the gateway is activated and deployed.
If you create an on-premises file gateway, click Activate Gateway in the Actions column. In the Activate Gateway dialog box, set the required parameters to activate the gateway. For more information, see Step 4: Activate the gateway.
After the gateway is created, a share is created. If the share does not meet your requirements, you can create a new share. For more information, see Step 2: Add a cache disk and Step 3: Create a share.
Step 2: Add a cache disk
This section describes how to add a cache disk for a cloud file gateway. To add a cache disk for an on-premises file gateway, you must go to the platform where the on-premises gateway is deployed. For more information, Add disks.
Log on to the CSG console.
At the top of the page, select the region where the file gateway resides.
In the left-side navigation pane, click Gateways. On the page that appears, locate the file gateway and click the ID of the file gateway.
In the left-side navigation pane, click Cache. On the Cache page, click Create Cache.
In the Add Cache dialog box, configure the following parameters:
Capacity: the size of the cache disk that you want to create. Valid values: 40 GB to 32 TB.
Type: Select Ultra Disk, Standard SSD, or ESSD based on your business requirements.
NoteThe capacity of a cache disk in a Basic file gateway can be set to a value that ranges from 40 GB to 4 TB.
The capacity of a cache disk in a Standard file gateway can be set to a value that ranges from 40 GB to 8 TB.
Click OK.
If you add a cache disk to a Subscription gateway, you are redirected to the cache disk purchase page. For more information, see Purchase a cache disk.
Step 3: Create a share
Log on to the CSG console.
In the upper-left corner of the page, select the region where the file gateway resides.
In the left-side navigation pane, click Gateways. On the page that appears, locate the file gateway and click the ID of the file gateway.
In the left-side navigation pane, click Share. On the Shares page, click Create.
In the Bucket Settings step, configure the parameters and click Next. The following table describes the parameters.
Parameter
Description
Cross-region Binding
If you select Yes, you can access a bucket that resides in a different region from the gateway.
If you select No, you can access a bucket that resides only in the same region as the gateway.
OSS Endpoint
The endpoint of the region in which the bucket is located.
Bucket Name
You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.
NoteThe name of a subdirectory can contain only letters and digits.
Starting from V1.0.38, you can map the root directory of a file system to a subdirectory of the bucket. This way, you can isolate file access requests.
You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.
Buckets for which back-to-origin routing is configured are not supported.
CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.
Encrypt
The data encryption setting. Valid values: None, Server-side Encryption, and Gateway-side Encryption.
If you select Server-side Encryption, you must specify a Key ID. You can create a key in the Key Management Service (KMS) console. For more information, see Create a CMK.
If you enable the server-side encryption feature in OSS, you can bring your own key (BYOK). Keys that are imported from KMS are supported.
After you enable server-side encryption, files that are uploaded to OSS from the share are encrypted by using KMS-managed keys. You can call the GetObject operation to check whether the specified file is encrypted. If the value of the x-oss-server-side-encryption field is KMS and the value of the x-oss-server-side-encryption-key-id field is the key ID in the response header, the file is encrypted.
NoteOnly users in the whitelist can use this feature. The gateway-side encryption feature is available only for enhanced and performance-optimized gateways. For more information, see Enable gateway encryption.
When you create a key in the KMS console, you must select the region in which the OSS bucket resides.
Use SSL to Connect Bucket
If you select Yes, the bucket is connected over SSL.
In the Basic Information step, configure the parameters and click Next. The following table describes the parameters.
Parameter
Description
Share Name
The name of the NFS or SMB share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of NFSv4.
NoteThe name must be 1 to 32 characters in length, and can contain letters and digits. The name cannot start with a digit.
Protocol
The protocol that you use to connect to the OSS bucket. Valid values: NFS and SMB.
Use the NFS protocol if you need to access OSS buckets from Linux.
Use the SMB protocol if you need to access OSS buckets from Windows.
Cache
Select an existing cache disk.
NoteFor a cache disk whose capacity is less than 5 TB, 20% of the space is reserved to store metadata. For a cache disk whose capacity is 5 TB or larger, 1 TB of the space is reserved to store metadata. For example, if you create a cache disk whose capacity is 40 GB, the available cache space for storing files is 32 GB. If you create a cache disk whose capacity is 20 TB, the available cache space for storing files is 19 TB.
User Mapping
The mapping between an NFS client user and an NFS server user. This parameter is available only when you set Protocol to NFS. Valid values:
none: NFS client users are not mapped to the nobody user on the NFS server.
root_squash: NFS clients that use the root identity are mapped to the nobody user on the NFS server.
all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.
all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.
Archive
This parameter is available only if you set Protocol to NFS and User Mapping to none.
If you select Yes, the archive feature is enabled. You can use the archive feature to archive and restore files in a share.
If you select No, the archive feature is disabled. You cannot use the archive feature to manage files. When you read data from an archived file, a request to restore the file is also initiated. This causes a certain level of latency before you can actually read the archived file.
NoteBasic file gateways do not support the archive feature.
Browsable
Specifies whether the share can be accessed by using Network Neighborhood.
Windows Permission Support
The access control list. For more information, see Enable Windows access-based enumeration.
Add to Sync Group
You can enable the express synchronization feature for the share and add the share to a synchronization group. Then, all changes made to the data stored in the associated OSS bucket are synchronized to the on-premises client of the share. When you select the Add to Sync Group check box, the Reverse Sync check box is automatically cleared.
NoteTo enable this feature, create a synchronization group first. Make sure that the synchronization group and the share use the same OSS bucket. For more information about how to create a synchronization group, see Configure express synchronization.
Only Standard, Enhanced, and Performance Optimized gateways support the express synchronization feature.
The express synchronization feature is implemented based on Alibaba Cloud Message Queue(formerly MNS). Adding a share to a synchronization group incurs Message Queue(formerly MNS) costs. For more information about billing, see Configure express synchronization.
Advanced Settings
After you select the Advanced Settings check box, the Advanced Settings step appears.
In the Advanced Settings step, configure the parameters, and then click Next. The following table describes the parameters.
Parameter
Description
Mode
Replication Mode: In this mode, two backups are created for all data. One backup is stored in the on-premises cache disk and the other backup is stored in the associated OSS bucket.
Cache Mode: In this mode, the on-premises cache disk stores only metadata and the user data that is frequently accessed. The bucket stores full data.
Transfer Acceleration
This feature accelerates data transfer across regions by using the public bandwidth of the gateway. Before you use this feature, make sure that the transfer acceleration feature is enabled for the associated OSS bucket.
Fragmentation Optimization
Specify whether to optimize the performance for applications that frequently and randomly read and write small amounts of data.
Direct IO Mode
Specify whether to transfer data by using the direct I/O mechanism.
Upload Optimization
If you select Yes, cached data is cleared in real time. This feature is suitable for cloud backup scenarios.
Reverse Sync
Metadata synchronization from the bucket to your local device. The reverse synchronization feature is helpful in scenarios such as disaster recovery, data recovery, and data sharing.
NoteDuring a reverse synchronization process, the system scans all objects in the bucket. If there are a large number of objects, you are charged for OSS API calls. For more information, see the API Operation Calling Fees section of the OSS pricing page.
If you select the Add to Sync Group check box in the Basic Information step, the Reverse Sync parameter is unavailable.
Reverse Sync Interval
If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Unit: seconds. Minimum value: 15. Maximum value: 36000. Default value: 900.
NoteIf the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in OSS API operation calling fees.
Ignore Deletions
If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. The bucket stores full data.
NFS V4 Optimization
Select whether to optimize the upload efficiency if an NFSv4 file system is mounted. If you select Yes, you cannot mount an NFSv3 file system.
Sync Latency
Specify a period of time to delay the upload of files. The Sync Latency feature prevents frequent on-premises modifications from creating a large number of parts in OSS. Default value: 5. Maximum value: 120. Unit: seconds.
Replication Mode Advanced Settings
This parameter is available only if you set Mode to Replication Mode. After you select the Replication Mode Advanced Settings check box, the Replication Mode Advanced Settings step appears.
In the Replication Mode Advanced Settings step, configure the parameters and then click Next. The following table describes the parameters.
Parameter
Description
Configure Directory in Replication Mode
Select the files to which the replication mode applies.
If you do not select this check box, the replication mode applies to all data in the share.
If you select the check box, click Add Directory to specify a directory that contains the data to which you want to apply the replication mode. The replication mode is applied to data in the specified directory. The rest of the data uses the cache mode.
NoteIf you change the mode of a directory from cache to replication, the files in the directory can be synchronized only when the data download feature is also enabled. We recommend that you enable the data download feature if you use the replication mode.
You can specify relative directories under the root directory of the share. For example, if the directory to which you want to apply the replication mode is /mnt/myshare/mydir/ and the mount point is /mnt/myshare, you can enter /mydir/.
Data Download
The reverse synchronization or express synchronization feature synchronizes the metadata between the OSS bucket and the on-premises cache disk. The data download feature allows you to download data from OSS to the local cache disk. After you enable the Reverse Sync or Express Sync feature, you can set Data Download to Yes.
NoteIf you download data in replication mode, the capacity of the cache disk must be 10% larger than the size of the files that you want to replicate. Plan the cache capacity based on the expected growth of the bucket usage.
When you enable the data download feature for the first time, a full scan is triggered. This process may reduce the performance of the gateway. We recommend that you enable the data download feature during off-peak hours and wait for the system to replicate all the data.
The data download feature supports only write-once-read-many storage. If multiple users access the bucket at the same time (including but not limited to direct access or access through the gateway), only one user can upload files to the bucket. Other users can only download data. Data loss may occur if multiple users write data to and read data from the bucket at the same time.
Download Speed Limit
This parameter is available only if you enable the Data Download feature in replication mode. The maximum download speed limit is 1,280 MB/s. The value range of the parameter is 0 to 1280. If you set this parameter to 0, the download speed is unlimited.
Reverse Sync Interval
If you enable Data Download in replication mode, you must configure this parameter. Valid values: 3600 to 36000. Default value: 36000. Unit: seconds.
NoteIf the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in OSS API operation calling fees.
Reverse synchronization is triggered only when you access the directory. To make sure that the data in other directories can be downloaded and new data can be downloaded in real time, we recommend that you use express synchronization.
In the Confirmation step, verify your settings and click OK.
Access a share
After you create a share, you can access the share from a client. For more information, see Access an NFS share.