This topic describes how to configure shares in the on-premises file gateway console.
Prerequisites
An Alibaba Cloud account is created and real-name verification for the account is successful. For more information, see Create an Alibaba Cloud account.
Note: We recommend that you perform operations in the CSG console as a RAM user. For more information, see Use RAM to implement account-based access control.
CSG is activated.
If CSG is not activated, follow the on-screen instructions in the CSG console to activate CSG.
The on-premises file gateway console is deployed. For more information, see Deploy an on-premises console for a file gateway.
An Object Storage Service (OSS) bucket is created. For more information, see Create buckets.
Note: CSG supports Standard, Infrequent Access (IA), and Archive OSS buckets.
If you request to read an archived file from a gateway for which the archive feature is disabled, a request to restore the file is initiated. If the file gateway uses a Network File System (NFS) share, no error is returned, but a certain level of I/O latency occurs. If the file gateway uses a Server Message Block (SMB) share, a short-lived error occurs, and the read operation is successful after the restoration process is complete.
When a client writes a file to a file gateway, the gateway records at least two actions: writing the file and setting the file modification time. The gateway merges the two actions where possible. However, the gateway may still initiate multiple operations on the object to the bucket where the object is stored. The CopyObject operation is called to store the file modification time as a piece of metadata of the object in the bucket. If the object is an Archive or Cold Archive object, this operation requires object restoration, which takes some time to complete. This increases the time required for object uploads and even causes upload failures if not enough time is left to upload data in the cache. We recommend that you do not connect a gateway to an Archive bucket. If files that are written from a file gateway to OSS are infrequently modified, we recommend that you store the files in a Standard or IA bucket first and configure a lifecycle rule that changes the storage class of the files to Archive or Cold Archive. This reduces unnecessary restoration operations and optimizes storage costs and efficiency.
A disk is added. For more information, see Add disks.
Step 1: Add a cache disk
Each shared directory of Cloud Storage Gateway (CSG) corresponds to a unique cache disk. If you need to create multiple shared directories, you must create multiple cache disks. You can transmit data in a shared directory to Object Storage Service (OSS) or use a cache disk to synchronize data from OSS to an on-premises device.
Open your browser, enter https://<IP address of the file gateway> in the address bar, and then press Enter.
In the dialog box that appears, enter your username and password, and then click OK.
In the left-side navigation pane, click Caches. On the Caches page, click Create.
In the Create Cache dialog box, set the following parameters:
Disk: Click Select, and then select an available disk in the Select disk dialog box.
Disks are available only after you add the disks on the deployment platform. For more information, see Add disks.
File System: This parameter is optional. If you want to reuse data on the cache disk, select this check box. If you delete a share by accident, you can recreate the share and use this feature to restore data.
Note: If you select the File System check box but no file system exists on the cache disk, the cache disk fails to be created.
Click OK.
Step 2: Bind cloud resources
You can create shares that use OSS buckets as backend storage. One bucket corresponds to one share. You can bind multiple cloud resources to a file gateway.
By default, the data that is written to a gateway by a client is uploaded in real time to an OSS bucket that is bound to the gateway. You can also specify a latency for the upload. The maximum latency is 120 seconds.
In the on-premises file gateway console, click Cloud Resources in the left-side navigation pane. On the Cloud Resources page, click Bind.
In the Bind Cloud Resource dialog box, set the parameters. The following table describes the parameters.
Parameter
Description
Resource Name
Enter the name of the cloud resource that you want to bind.
Cross-region Binding
Specifies whether to bind a bucket that resides in a different region from the gateway.
If you select Yes, you can access a bucket that resides in a different region from the specified gateway.
If you select No, you can access only a bucket that resides in the same region as the specified file gateway.
Note: The time zone of the on-premises file gateway must be the same as the time zone of the OSS bucket.
Region
Select a region where the bucket resides.
Bucket Name
Select a bucket that you want to bind to the file gateway.
Use SSL
If you select Yes, you can connect to the OSS bucket over SSL.
Click OK.
Step 3: Create a share
On-premises file gateways support Network File System (NFS) shares and Server Message Block (SMB) shares. You can create a share based on your business requirements. This section describes how to create an NFS share. For information about how to create an SMB share, see Manage SMB shares.
Install an NFS client. For more information, see Install an NFS client.
In the on-premises file gateway console, click NFS in the left-side navigation pane. On the Files Gateway (NFS) page, click Create.
In the Create NFS Share dialog box, set the parameters and click OK. The following table describes the parameters.
Parameter
Description
Share Name
The virtual mount point of the NFS share that you want to create.
You can use this share name to mount an NFSv4 share. If you want to mount an NFSv3 share, you must run the showmount -e <IP address of the gateway> command to obtain the mount point.
Read/Write Client IPs
The IP address or CIDR block of the client that can read data from or write data to the NFS gateway.
Example: 192.168.10.10 or 192.168.0.0/24. You can enter multiple IP addresses or CIDR blocks.
Read-only Client IPs
The IP address or CIDR block of the client that can only read data from the NFS gateway.
Example: 192.168.10.10 or 192.168.0.0/24. You can enter multiple IP addresses or CIDR blocks.
User Mapping
Maps an NFS client user to an NFS server user. This parameter is available only if you set Protocol to NFS.
none: specifies no mapping relationship between an NFS client user and the nobody user of the NFS server.
root_squash: restricts the use of root user permissions. NFS clients that use the root identity are mapped to the nobody user on the NFS server.
all_squash: restricts the use of all user permissions. NFS clients are mapped to the nobody user of the NFS server regardless of the identity that is used by the clients.
all_anonymous: restricts the use of all user permissions. NFS clients are mapped to the anonymous user of the NFS server regardless of the identity that is used by the clients.
Archive
This parameter is available only if you set the Protocol parameter to NFS and the User Mapping parameter to none.
If you select Yes, the archive feature is enabled. You can archive and restore files in a share by using the archive management tool.
If you select No, the archive feature is disabled. You cannot use the archive management tool to manage files. If you request to read data from an archived file, the system sends a request to restore the file at the same time. No error message is returned. However, latency may exist before you can read the archived file.
Note: Basic file gateways do not support the archive feature.
Enable
Specify whether to enable the specified NFS share.
If you do not want to use the NFS share, you can select No to disable the NFS share.
Mode
Valid values: Cache Mode and Replication Mode.
Replication Mode: In this mode, two backups are created for all data. One backup is stored on the on-premises cache disk and the other backup is stored in the associated OSS bucket.
Cache Mode: In this mode, the backup that is stored on the on-premises cache disk contains only metadata and the user data that is frequently accessed. The backup that is stored in the OSS bucket contains all data.
Reverse Sync
Specifies whether to synchronize metadata that is stored in the OSS bucket to the on-premises cache disk. You can use this feature in scenarios in which disaster recovery, data restoration, and data sharing are required.
Note: In a reverse synchronization process, the system scans all objects in the bucket. If the number of objects exceeds the limit, you are charged when you call the OSS API. For more information, see OSS pricing.
Encrypt
Valid values: None and Server-side Encryption.
If you select Server-side Encryption, you must set the Key ID parameter. You can create a key in the KMS console. For more information, see Create a CMK.
After you enable the OSS server-side encryption feature, you can bring your own key (BYOK). The system supports keys that are imported from Key Management Service (KMS).
After you enable the OSS server-side encryption feature, the system uses the imported key to encrypt files that are uploaded to OSS from the shared directory. You can call the GetObject API operation to check whether the specified file is encrypted. If, in the response header, the value of the x-oss-server-side-encryption field is KMS and the value of the x-oss-server-side-encryption-key-id field is the key ID, the file is encrypted.
Note: Only the users in the whitelist can use this feature.
If you create a key in the KMS console, you must select the region in which the OSS bucket resides.
Bucket Name
Select an existing bucket.
Subdirectory
Enter a subdirectory of the bucket.
The Subdirectory field supports only letters and digits.
Note: In version 1.0.38 and later, you can map the root directory of a file system to a subdirectory of a bucket. This way, you can isolate file access requests.
You can specify an existing subdirectory or a subdirectory that does not exist in the bucket. After you create a share, the specified subdirectory serves as the root directory, and stores all related files and directories.
Use Metadata
Specifies whether to use metadata disks. If you use metadata disks, data disks are separated from metadata disks, and metadata disks are used to store the metadata of shared directories.
If you select Yes, you must set the Metadata and Data parameters.
If you select No, you must set the Cache Disk parameter.
Note: Only the users in the whitelist can use this feature.
Ignore Deletions
If you select Yes, the data that is deleted from the on-premises cache disk is not deleted from the OSS bucket. The OSS bucket retains all data.
NFS V4 Optimization
Specifies whether to improve the upload efficiency of NFSv4 files. If you select Yes, you cannot mount an NFSv3 file system on your on-premises host.
Sync Latency
Specify a synchronization latency to upload modified and closed files. The Sync Latency feature prevents OSS file fragments that are caused by frequent on-premises modifications. Default value: 5. Maximum value: 120. Unit: seconds.
Max Write Speed
Specify the maximum write speed. Valid values: 0 to 1280. Unit: MB/s. Default value: 0. The value 0 indicates that the write speed is unlimited.
Max Upload Speed
Specify the maximum upload speed. Valid values: 0 to 1280. Unit: MB/s. Default value: 0. The value 0 indicates that the upload speed is not limited.
Note: When you customize the maximum write speed and upload speed, make sure that the maximum upload speed is greater than or equal to the maximum write speed.
Fragmentation Optimization
Specifies whether to optimize the performance for applications that frequently and randomly read and write small amounts of data. You can enable this feature based on your business requirements.
Upload Optimization
If you select Yes, cached data is cleared in real time. You can enable this feature if you synchronize only backups to the cloud.
Click OK.
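The parameter limits in the table above can be checked before a share is created. The following Python sketch is an added example, not part of the CSG product or its documentation. The dictionary keys, the /16 threshold for a "broad" client range, and the ASCII-only reading of "letters and digits" are assumptions made for illustration.

```python
import ipaddress
import re

USER_MAPPINGS = {"none", "root_squash", "all_squash", "all_anonymous"}
BROAD_PREFIX = 16  # assumption: prefixes shorter than /16 deserve review

def parse_clients(entries):
    """Parse the 'IP address or CIDR block' entries of a client list."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def audit_share(share):
    """Check one share definition (hypothetical dict keys); return findings."""
    out = []
    rw = parse_clients(share.get("rw_clients", []))
    ro = parse_clients(share.get("ro_clients", []))
    out += [f"broad client range {n}" for n in rw + ro if n.prefixlen < BROAD_PREFIX]
    out += [f"{a} is read/write but overlaps read-only {b}"
            for a in rw for b in ro if a.version == b.version and a.overlaps(b)]
    mapping = share.get("user_mapping")
    if mapping not in USER_MAPPINGS:
        out.append(f"unknown User Mapping {mapping!r}")
    elif mapping == "none" and rw:
        out.append("User Mapping none: client users, root included, are not mapped to nobody")
    if share.get("archive") and mapping != "none":
        out.append("Archive is only available with User Mapping none")
    if share.get("sync_latency", 5) > 120:
        out.append("Sync Latency exceeds 120 seconds")
    wr, up = share.get("max_write_speed", 0), share.get("max_upload_speed", 0)
    if not (0 <= wr <= 1280 and 0 <= up <= 1280):
        out.append("speed limits must be 0 to 1280 MB/s")
    elif wr and up and up < wr:  # 0 means unlimited, so only compare set limits
        out.append("Max Upload Speed is below Max Write Speed")
    sub = share.get("subdirectory", "")
    if sub and not re.fullmatch(r"[A-Za-z0-9]+", sub):
        out.append("Subdirectory may contain only letters and digits")
    if share.get("encrypt") == "Server-side Encryption" and not share.get("key_id"):
        out.append("Server-side Encryption selected without a Key ID")
    return out

# Constructed sample, not taken from a real gateway.
SAMPLE = {
    "rw_clients": ["192.168.0.0/24", "10.0.0.0/8"], "ro_clients": ["192.168.0.10"],
    "user_mapping": "none", "archive": False, "sync_latency": 5,
    "max_write_speed": 200, "max_upload_speed": 100,
    "subdirectory": "team-a", "encrypt": "Server-side Encryption", "key_id": "",
}

if __name__ == "__main__":
    print("\n".join(audit_share(SAMPLE)))
```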
Access a share
After you create a share, you can use an NFS client to access the shared directory. For more information, see Access an NFS share.
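Once files written through the share have been uploaded, the encryption check described for the Encrypt parameter can be scripted over the GetObject response headers. The following Python sketch is an added example, not code from the CSG or OSS documentation. The object names, header sets, and key IDs are constructed placeholders, and the status labels are hypothetical.

```python
SSE_HEADER = "x-oss-server-side-encryption"
SSE_KEY_HEADER = "x-oss-server-side-encryption-key-id"

def classify_sse(headers, expected_key_id):
    """Classify one GetObject response by its server-side encryption headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    algo = h.get(SSE_HEADER)
    if algo is None:
        return "unencrypted"   # no server-side encryption header at all
    if algo != "KMS":
        return "not-kms"       # encrypted, but not with a KMS key
    if h.get(SSE_KEY_HEADER) != expected_key_id:
        return "wrong-key"     # KMS, but not the key set on the share
    return "ok"

def failing_objects(responses, expected_key_id):
    """Return {object name: status} for every object that is not 'ok'."""
    failures = {}
    for name, headers in responses.items():
        status = classify_sse(headers, expected_key_id)
        if status != "ok":
            failures[name] = status
    return failures

# Constructed response headers; the key IDs are placeholders, not real keys.
EXPECTED_KEY_ID = "EXAMPLE-KEY-ID-0001"
RESPONSES = {
    "reports/a.txt": {SSE_HEADER: "KMS", SSE_KEY_HEADER: EXPECTED_KEY_ID},
    "reports/b.txt": {"X-Oss-Server-Side-Encryption": "AES256"},
    "reports/c.txt": {SSE_HEADER: "KMS", SSE_KEY_HEADER: "EXAMPLE-KEY-ID-0002"},
    "reports/d.txt": {"Content-Length": "12"},
}

if __name__ == "__main__":
    for name, status in failing_objects(RESPONSES, EXPECTED_KEY_ID).items():
        print(f"{name}: {status}")
```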