All Products
Search

This Product

    Cloud Storage Gateway:Manage a file gateway in the CSG console

    Document Center

    Cloud Storage Gateway:Manage a file gateway in the CSG console

    Last Updated:Dec 31, 2024

    This topic describes how to create a file gateway and configure shares for the file gateway in the Cloud Storage Gateway (CSG) console.

    Prerequisites

    1. An Alibaba Cloud account is created and real-name verification for the account is complete. For more information, see Create an Alibaba Cloud account.

      Note

      We recommend that you log on to the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.

    2. CSG is activated. If CSG is not activated, follow the on-screen instructions in the CSG console to activate CSG.

    3. A virtual private cloud (VPC) is available in the region where you want to create the file gateway. For more information, see Create a VPC with an IPv4 CIDR block.

    4. An Elastic Compute Service (ECS) instance is created on the VPC in the region where you want to create the file gateway. For more information about how to create an ECS instance, see Create an ECS instance.

      Note

      If your on-premises host is connected to the VPC over an Express Connect circuit, you can also perform the steps by using the host.

    5. An OSS bucket is created. For more information, see Get started by using the OSS console.

      Important

      • File gateways support the following storage classes of OSS buckets: Standard, Infrequent Access (IA), and Archive. File gateways do not support OSS buckets for which back-to-origin routing is configured.

      • We recommend that you do not associate a gateway with an Archive bucket. If files that are written from a file gateway to OSS are infrequently modified, we recommend that you store the files in a Standard or IA bucket first and configure a lifecycle rule that changes the storage class of the files to Archive or Cold Archive. This reduces unnecessary restoration operations and optimizes storage costs and efficiency.

      • When a client writes a file to a file gateway, the gateway records at least two actions: writing the file and setting the file modification time. The gateway merges the two actions where possible. However, the gateway may still initiate multiple operations on the object to the bucket where the object is stored. The CopyObject operation is called to store the file modification time as a piece of metadata of the object in the bucket. If the object is an Archive or Cold Archive object, this operation requires object restoration, which takes some time to complete. This increases the time required for object uploads and even causes upload failures if not enough time is left to upload data in the cache.

    Create a file gateway

    1. On the Gateways page of the CSG console, click Create.

    2. In the Create Gateway wizard, configure parameters as described in the following table and retain default settings for other parameters.

      Example

      Step

      Parameter

      Description

      Gateway Information

      Name

      Specify a name for the gateway. The name must be 1 to 60 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

      Location

      Select Alibaba Cloud.

      Type

      Select File Gateway.

      Region

      Select the region of the file gateway.

      Gateway Configurations

      VPC

      Select the VPC in which you want to deploy the gateway.

      Note

      The VPC must be the one in which your ECS instance or on-premises host is located.

      VSwitch

      Select the vSwitch that is connected to the gateway.

      Note

      • The vSwitch must be the one that is connected to your ECS instance or on-premises host.

      • If no gateway resource is available in the zone where the specified vSwitch resides, create a vSwitch in another zone.

      Edition

      Select Basic, Standard, Enhanced, or Performance Optimized. For more information, see Specifications.

      Config Protocol

      Cross-border Binding

      • If you select Yes, you can access a bucket that resides in a different region from that of the gateway.

      • If you select No, you can only access a bucket that resides in the same region as the gateway.

      OSS Endpoint

      Select an endpoint for the region in which the bucket is located.

      Bucket Name

      Specify the bucket. You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.

      • The name of a subdirectory can contain only letters and digits.

      • Starting from V1.0.38, you can map the root directory of a file system to a subdirectory of the bucket. This way, you can isolate file access requests.

      • The subdirectory can be an existing directory in the OSS bucket or a directory that has not yet been created in the OSS bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.

      • A file gateway does not support OSS buckets for which back-to-origin routing is configured.

      • CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.

      Public Network Bandwidth

      Specify the public bandwidth. This parameter is available only when Cross-region Binding is set to Yes. The default bandwidth is 5 Mbit/s. We recommend that you increase the bandwidth for better data transfer performance.

      Note

      • If you want to use the gateway or the express synchronization feature across regions, you need to configure this parameter. For more information, see Configure a public bandwidth limit.

      • The public bandwidth ranges from 5 Mbit/s to 200 Mbit/s.

      Protocol

      Specify the protocol that you use to connect to the OSS bucket. You can select NFS or SMB.

      • Use the NFS protocol if you need to access the bucket from a Linux system.

      • Use the SMB protocol if you need to access the bucket from a Windows system.

      Share Name

      Specify a name for the share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of the share when the mount operation is performed based on NFSv4.

      Note

      The name must be 1 to 32 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

      User Mapping

      Set the user mapping between the NFS client and the NFS server. This parameter is available only when you set Protocol to NFS. Valid values:

      • none: The NFS client user is not mapped to the nobody user on the NFS server.

      • root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.

      • all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.

      • all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.

      Reverse Sync

      Select whether to synchronize metadata of objects in the bucket to your local device. The reverse synchronization feature is useful in scenarios such as disaster recovery, data recovery, and data sharing.

      Note

      During a reverse synchronization process, the system scans all objects in the bucket. If the bucket contains a large number of objects, you are charged for calling the OSS API. For more information, see Pricing.

      Reverse Sync Interval

      If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Unit: seconds.

      Note

      If the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

      Cache Disk Type

      Select Ultra Disk, Standard SSD, or ESSD based on your business requirements.

      Cache Capacity

      • The capacity of a cache disk for a Basic gateway ranges from 40 GB to 4,096 GB.

      • The capacity of a cache disk for a Standard gateway ranges from 40 GB to 8,192 GB.

      • The capacity of a cache disk for an Enhanced or Performance Optimized gateway ranges from 40 GB to 32,768 GB.

      Billing Information

      Billing Information

      Select Pay-as-you-go or Subscription. For more information, see Billable items and billing methods.

      If you select Subscription, you are redirected to the subscription purchase page after you create the file gateway. Complete the payment. For more information, see Purchase a gateway.

      Expiration Policy

      Select an expiration policy for the gateway subscription. You can select Switch to Pay-as-you-go or Release.

    3. In the Confirmation step, check the configuration information. If nothing is wrong, click Complete.

    Important

    • After the gateway is created, the system automatically deploys and starts the gateway. It takes about 5 to 10 minutes to complete the process. The gateway enters the Running state if it is activated and deployed.

    • After the gateway is created, the share specified in the gateway creation process is created. If the share does not meet your requirements, you can create a new share. For more information, see Attach a cache disk and Create a share.

    Attach a cache disk

    1. On the Gateways page, click the ID of the gateway. On the page that appears, click Cache > Create Cache.

    2. Specify cache disk specifications by using Cache Calculator or Custom Cache settings.

      Note

      • Capacity

        • The capacity of a cache disk for a Basic gateway ranges from 40 GB to 4,096 GB.

        • The capacity of a cache disk for a Standard gateway ranges from 40 GB to 8,192 GB.

        • The capacity of a cache disk for an Enhanced or Performance Optimized gateway ranges from 40 GB to 32,768 GB.

      • Type

        Select Ultra Disk, Standard SSD, or ESSD based on your business requirements.

      If you attach a cache disk to a Subscription gateway, you are redirected to the cache disk purchase page. For more information, see Purchase a cache disk.

    Create a share

    1. On the Gateways page, click the ID of the file gateway. On the page that appears, click Shares > Create.

    2. In the Bucket Settings step, configure the parameters described in the following table.

      Bucket Settings

      Parameter

      Description

      Cross-border Binding

      • If you select Yes, you can access a bucket that resides in a different region from that of the gateway.

      • If you select No, you can only access a bucket that resides in the same region as the gateway.

      OSS Endpoint

      Select an endpoint for the region in which the bucket is located.

      Bucket Name

      Specify the bucket. You can select an existing bucket from the drop-down list. You can also select the Subdirectory check box and enter a subdirectory of the bucket in the text box that appears.

      Note

      • The name of a subdirectory can contain only letters and digits.

      • Starting from V1.0.38, you can map the root directory of a file system to a subdirectory of the bucket. This way, you can isolate file access requests.

      • You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory and stores all related files and directories.

      • A file gateway does not support OSS buckets for which back-to-origin routing is configured.

      • CSG cannot guarantee that only one write operation is performed on an object. Therefore, buckets for which retention policies are configured are not supported.

      Encrypt

      Specify the encryption settings. You can select None, Server-side Encryption, or Gateway-side Encryption.

      If you select Server-side Encryption, you must specify a Key ID and an Encryption Algorithm. You can create a customer master key (CMK) in the Key Management Service (KMS) console. For more information, see Create a CMK. Encryption algorithms AES256 and SM4 are supported.

      If you enable the server-side encryption feature in OSS, you can bring your own key (BYOK). Keys that are imported from KMS are supported. After you enable the OSS server-side encryption feature, the system encrypts files that are uploaded to OSS from the share by using the specified key. You can call the GetObject operation to check whether the specified object is encrypted. If the value of the x-oss-server-side-encryption field is KMS and the value of the x-oss-server-side-encryption-key-id field is the key ID in the response header, the object is encrypted.

      Important

      • Only users on the whitelist can use this feature. The gateway-side encryption feature is available only for enhanced and performance-optimized gateways. For more information, see Enable gateway encryption.

      • When you create a CMK in the KMS console, you must select the region in which the OSS bucket resides.

      Use SSL to Connect Bucket

      If you select Yes, the bucket is connected over SSL.

    3. In the Basic Information step, configure the parameters described in the following table.

      Basic Information

      Parameter

      Description

      Share Name

      Specify a name for the share. If you set the Protocol parameter to NFS, the share name is also used as the virtual path of the share when the mount operation is performed based on NFSv4.

      Note

      The name must be 1 to 32 characters in length, and can contain letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter.

      Protocol

      Specify the protocol that you use to connect to the OSS bucket. You can select NFS or SMB.

      • Use the NFS protocol if you need to access the bucket from a Linux system.

      • Use the SMB protocol if you need to access the bucket from a Windows system.

      Cache

      Select an existing cache disk.

      Note

      Cache disk space is distributed based on the following rules:

      • For a cache disk with a capacity of no more than 5 TB, 20% of that capacity is reserved for metadata storage. For example, if you attach a 40 GB cache disk, the actual space available for data storage is 32 GB.

      • For a cache disk with a capacity of more than 5 TB, 1 TB is reserved for metadata storage. For example, if you attach a 20 TB cache disk, the actual space available for data storage is 19 TB.

      User Mapping

      Specify the user mapping between the NFS client and the NFS server.

      • none: The NFS client user is not mapped to the nobody user on the NFS server.

      • root_squash: The NFS client that uses the root identity is mapped to the nobody user on the NFS server.

      • all_squash: The NFS client is mapped to the nobody user on the NFS server regardless of the identity that the client uses.

      • all_anonymous: The NFS client is mapped to the anonymous user on the NFS server regardless of the identity that the client uses.

      Note

      This parameter is available only when you set Protocol to NFS.

      Archive

      Select whether to enable the archive feature.

      • If you select Yes, the archive feature is enabled. You can use the archive feature to archive and restore files in a share.

      • If you select No, the archive feature is disabled.

      Note

      • This parameter is available only if you set Protocol to NFS and User Mapping to none.

      • Basic file gateways do not support the archive feature.

      • If you request to read an archived file from a gateway for which the archive feature is disabled, a request to restore the file is still initiated. If the file gateway uses an NFS share, no error is returned, but a certain level of I/O latency occurs. If the file gateway uses an SMB share, a short-lived error occurs, and the read operation is successful after the restoration process is complete.

      Browsable

      Specify whether the share can be accessed by using Network Neighborhood.

      Note

      This parameter is available only if you set Protocol to SMB.

      Windows Permission Support

      The access control settings. For more information about permission control, see Enable Windows permission support.

      Note

      • This parameter is available only if you set Protocol to SMB.

      • To enable Windows permission support, you must add the gateway to an AD domain first.

      Access-based Enumeration

      After Windows ABE is enabled, users can only view files or directories that they have permissions to manage.

      Note

      This parameter is available only if you set Windows Permission Support to Yes.

      Add to Sync Group

      Specify whether to add the share to a synchronization group. If you add the share to a synchronization group, the reverse synchronization feature is automatically disabled for the share. After you add the share to a synchronization group, all changes made to the data stored in the OSS bucket that corresponds to the share are synchronized to the on-premises client on which the share is mounted.

      Note

      • To enable this feature, create a synchronization group first. Make sure that the synchronization group and the share use the same OSS bucket. For more information, see Configure express synchronization.

      • Only Standard, Enhanced, and Performance Optimized gateways support the express synchronization feature.

      • The express synchronization feature relies on Simple Message Queue (formerly MNS) and incurs SMQ fees. For more information, see Configure express synchronization.

      Advanced Settings

      After you select the Advanced Settings check box, the Advanced Settings step appears.

    4. (Optional) In the Advanced Settings step, configure the parameters described in the following table.

      Advanced Settings

      Parameter

      Description

      Mode

      Select a mode in which you want the share to run. You can select Cache Mode or Replication Mode. By default, a share runs in the cache mode.

      • Replication Mode: In this mode, two backups are created for all data. One backup is stored in the on-premises cache disk and the other backup is stored in the associated OSS bucket.

      • Cache Mode: In this mode, the on-premises cache disk stores only metadata and the data that is frequently accessed. The bucket stores full data.

      We recommend that you set Mode to Cache Mode if you want to migrate data to the cloud or back up data.

      Transfer Acceleration

      Specify whether to enable transfer acceleration. This parameter is available only if you set Cross-region Binding in the Bucket Settings step to Yes. This feature accelerates data transfer across regions by using the public bandwidth of the gateway. Before you use this feature, make sure that the transfer acceleration feature is enabled for the associated OSS bucket.

      Fragmentation Optimization

      For applications that frequently and randomly read or write a small amount of data, enabling fragmentation optimization prevents file fragmentation issues of file systems. This feature is an experimental option. You should decide whether to enable this feature based on your actual application requirements.

      Bypass Cache Read

      By default, if a cache miss occurs for a read request to a share, the gateway downloads the requested data from the associated OSS bucket to the cache disk. This process involves a certain level of data prefetching. However, if read requests are completely random reads and the size of the cache disk is far smaller than the size of data in the OSS bucket, prefetching data to the cache disk may not deliver satisfactory performance. In this case, consider enabling this feature. We recommend that you enable this feature only when it is necessary.

      Upload Optimization

      If you select Yes, cached data is cleared in real time. This feature is suitable for cloud backup scenarios.

      Reverse Sync

      Select whether to synchronize metadata of objects in the bucket to your local device. The reverse synchronization feature is useful in scenarios such as disaster recovery, data recovery, and data sharing.

      Note

      • During a reverse synchronization process, the system scans all objects in the bucket. If there are a large number of objects, you are charged for OSS API calls. For more information, see Pricing.

      • If you select the Add to Sync Group check box in the Basic Information step, the Reverse Sync parameter is unavailable.

      Reverse Sync Interval

      If you set Reverse Sync to Yes, you must set the Reverse Sync Interval parameter. Valid values: 15 to 36000. Unit: seconds.

      Note

      If the bucket contains a large number of objects, we recommend that you set the interval to be greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

      Ignore Deletions

      If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. The bucket stores full data.

      NFS V4 Optimization

      Select whether to optimize the upload efficiency if the share is mounted to an NFSv4 file system. If you select Yes, you cannot mount the share to an NFSv3 file system.

      Note

      This parameter is available only to an NFS share.

      Sync Latency

      Specify a period of time to delay the upload of files. A sync latency prevents frequent on-premises modifications from creating a large number of fragments in OSS. Default value: 5. Maximum value: 120. Unit: seconds.

      Replication Mode Advanced Settings

      This parameter is available only if you set Mode to Replication Mode. After you select the Replication Mode Advanced Settings check box, the Replication Mode Advanced Settings step appears.

    5. (Optional) In the Replication Mode Advanced Settings step, configure the parameters described in the following table.

      Replication Mode Advanced Settings

      Parameter

      Description

      Configure Directory in Replication Mode

      Select the directories to which the replication mode applies.

      • If you do not configure directories, the replication mode applies to all data in the share.

      • To configure directories in replication mode, select the check box, click Add Directory, and specify the directories to which you want the replication mode to apply. Directories other than the specified ones use the cache mode.

      Note

      • If you change the mode of a directory from cache to replication, the files in the directory can be synchronized only when the data download feature is also enabled. We recommend that you enable the data download feature if you use the replication mode.

      • To specify a directory, use its path relative to the mount point of the share. For example, if the directory to which you want to apply the replication mode is /mnt/myshare/mydir/ and the mount point is /mnt/myshare, you can enter /mydir/.

      Data Download

      If you enable the data download feature, reverse synchronization or express synchronization synchronizes both data and metadata. If you do not enable the data download feature, only metadata is synchronized.

      Note

      • Data replication requires the capacity of the cache disk to be greater than 1.1 times the file size to be replicated. Specify the cache capacity based on the expected growth of the bucket usage.

      • The first time you enable the data download feature, a full scan is triggered. This process may affect the performance of the gateway. We recommend that you enable the data download feature during off-peak hours and wait for the system to replicate all the data.

      • The data download feature supports only write-once-read-many storage. If multiple users access the bucket at the same time (including but not limited to direct access or access through the gateway), only one user can upload files to the bucket, and other users can only download data. Data loss may occur if multiple users write data to and read data from the bucket at the same time.

      Download Speed Limit

      After you enable data download, you must set this parameter. You can specify a speed limit within the range of 0 MB/s to 1,280 MB/s. If you set this parameter to 0 MB/s, the download speed is unlimited.

      Reverse Sync Interval

      Set a reverse synchronization interval. This parameter is available only if you set Data Download to Yes. The reverse synchronization interval ranges from 3,600 seconds to 36,000 seconds.

      Note

      • If the bucket contains a large number of objects, we recommend that you set the interval to a value greater than 3,600 seconds. Otherwise, repeated scans result in frequent OSS API calls. This causes an increase in fees generated by OSS API calls.

      • Reverse synchronization is triggered only when you access the directory. To make sure that the data in other directories can be downloaded and new data can be downloaded in real time, we recommend that you use express synchronization.

    6. In the Confirmation step, check the configuration information. If nothing is wrong, click Complete.

    Access a share

    After you create a share, you can access the share from the client. For more information, see Access shares.